Windows Analysis Report
Fly.exe

Overview

General Information

Sample Name:	Fly.exe
Analysis ID:	752938
MD5:	b84de037868a4478d8fd2aa4eadab1ae
SHA1:	0c42d5822185a1183a8c7a25c301e80fbdf12033
SHA256:	47befc5c8d57f2b9b6da77ae1567b70d0603203b1de990392028b95b99783836
Tags:	exe
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Yara detected Generic Downloader

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Installs a global mouse hook

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: Fly.exe	ReversingLabs: Detection: 76%
Source: Fly.exe	Virustotal: Detection: 60%			Perma Link

Antivirus / Scanner detection for submitted sample

Source: Fly.exe	Avira: detected
Source: Fly.exe	Avira: detected

Machine Learning detection for sample

Source: Fly.exe

Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Source: 0.0.Fly.exe.294054.1.unpack	Avira: Label: TR/Taranis.1102
Source: 0.0.Fly.exe.280000.0.unpack	Avira: Label: TR/Taranis.1102
Source: 0.0.Fly.exe.280000.0.unpack	Avira: Label: TR/Taranis.1102

Uses 32bit PE files

Source: Fly.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Fly.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Fly.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdbX source: Fly.exe
Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdb source: Fly.exe
Source:	Binary string: d:\code\other\StreamBaby20151029\FlyWorldR\obj\x86\Debug\FlyWorldR.pdb source: Fly.exe

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 04C43F85h	0_2_04C43D3F
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 04C43AB2h	0_2_04C43A00
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 04C43AB2h	0_2_04C43A10
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then sub esp, 00000098h	0_2_0D264790
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 02853F85h	10_2_02853D3F
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 02853AB2h	10_2_02853A00
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 02853AB2h	10_2_02853A10
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then sub esp, 58h	10_2_0CBA4ED0
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then sub esp, 58h	10_2_0CBA4EC0

Networking

Yara detected Generic Downloader

Source: Yara match	File source: Fly.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Fly.exe.280000.0.unpack, type: UNPACKEDPE

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 103.235.46.40 103.235.46.40
Source: Joe Sandbox View	IP Address: 103.235.46.40 103.235.46.40

Source: Fly.exe	String found in binary or memory: http://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d%M.%mGConfigTag&cid=?checksum=&checks
Source: Fly.exe	String found in binary or memory: http://%s/ts/f4/http://%s/ts/f3/http://%s/ts/f2.2/http://%s/ts/f7/http://%s/as/c/f9/http://%s/as/c/f
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://1.su.bdimg.com
Source: Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.23
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=add&userName=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=addgivescore&c=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=down&key=1_http://123.57.239.185/UpDo.ashx?type=down&key=2
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=getgivescore&c=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=getscore
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=gettext
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=gettextP
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=gettextchttp://123.57.239.185/UpDo.ashx?type=getscore&id=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=getusercode&name=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/cfg.txt
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185:8081
Source: Fly.exe	String found in binary or memory: http://123.57.239.185:8081/VersionInfoManager2.aspx?type=getlasturl&softName=Fly
Source: Fly.exe	String found in binary or memory: http://123.57.239.185:8081/VersionInfoManager2.aspx?type=getlastversion&softName=Fly
Source: Fly.exe, 0000000A.00000002.511658368.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185x
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185x&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://2.su.bdimg.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://28608.recommend_list.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://3.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://4.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://5.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://6.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://7.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.map.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.open.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://app.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b1.bdstatic.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b1.bdstatic.com/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b2.bdstatic.com/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bdimg.share.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/doc/shortcut.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/rili.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/riqi/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/riqi/daojishi.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/shicha/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/user/login.asp
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.514767545.00000000095ED000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383671912.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://blog.deconcept.com/2006/01/11/getvariable-setvariable-crash-internet-explorer-flash-6/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.baidu.com/c.gif?t=0&q=%B1%B1%BE%A9%CA%B1%BC%E4&p=0&pn=1
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://code.google.com/p/swfobject/
Source: Fly.exe, 00000000.00000002.518245883.000000000BCAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dr.dh.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://eclick.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ecma.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ecmb.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f3.baidu.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://game.weibo.com/?bottomnav=1&wvr=6
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=http%3A%2F%2Fgips2.baidu.com%2Fit%2Fu%3D266262691%2C3660801848%26f
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=http%3A%2F%2Fpics2.baidu.com%2Ffeed%2F1ad5ad6eddc451da85c7a1a25839
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=http%3A%2F%2Fpics6.baidu.com%2Ffeed%2F472309f7905298221fdd30599ef2
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fbaikebcs.bdimg.com%2Fbaike-icon.png&refer=http%3
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fbaikebcs.bdimg.com%2Fbaike-icon.png&refer=http%3A%2F
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fbkimg.cdn.bcebos.com%2Fsmart%2F8644ebf81a4c510f0527b
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fgips0.baidu.com%2Fit%2Fu%3D2260621858%2C2467994607%2
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2F5d6034a85edf
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips0.baidu.com/it/u=2679461647
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips0.baidu.com/it/u=3063777129
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips2.baidu.com/it/u=266262691
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips2.baidu.com/it/u=3820154248
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://graph.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://hdpreload.baidu.com
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://help.baidu.com/question
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i7.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i8.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i9.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=utf-8&dyTabStr=MCwyLDEsN
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=utf-8&dyTabStr=MCwyLDYsM
Source: Fly.exe	String found in binary or memory: http://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_
Source: Fly.exe	String found in binary or memory: http://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_
Source: Fly.exe	String found in binary or memory: http://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ir.weibo.com
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jianyi.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://kankan.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/china/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/france_paris/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/japan_tokyo/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/south-korea/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://map.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://news.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nsclick.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nsclick.baidu.com/v.gif?pid=315&rsv_yc_log=3&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://olime.baidu.com
Source: Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baid
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509170108.0000000002DC5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510523459.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?
Source: Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-116636855P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1189179503P
Source: Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1203931028P
Source: Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1238841827P
Source: Fly.exe, 0000000A.00000002.509170108.0000000002DC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1393796328P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1430950788P
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1504103626P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1587685878P
Source: Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1686055535P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1786656532P
Source: Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1923039153P
Source: Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1932009544P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1982673588P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-230144334P
Source: Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-476747791P
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-657294465P
Source: Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-841590707P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1054374455P
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1167635074P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1209366569P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?124324289P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1355428746P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510523459.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1395537891P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1512711376P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1534392538P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1584678096P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511210615.0000000003074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1776475766P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1880054304P
Source: Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?2062632002P
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?2120196423P
Source: Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?395646536P
Source: Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?75032074P
Source: Fly.exe	String found in binary or memory: http://open.baidu.com/special/time/?7baidu_time
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?809387345P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?855175349P
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509170108.0000000002DC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.comx&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://opendata.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://p.qiao.baidu.com
Source: Fly.exe, 00000000.00000003.320383378.000000000BCFC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518495404.000000000BCFF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507633512.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.weibo.com/
Source: Fly.exe, 00000000.00000002.516275040.00000000089E8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513843539.000000000866C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://passport.weibo.com/0_
Source: Fly.exe, 0000000A.00000003.383822155.000000000962A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://passport.weibo.com/LMEMH
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://qingting.baidu.com/index
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s.share.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.bds
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.bdsta
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.bdstatic.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sclick.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sclick.baidu.com/w.gif
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sensearch.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sestat.baidu.com
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383671912.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://simg.sinajs.cn/blog7swf/suppercookie.swf
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://sjs.sinajs.cn/blog7swf/fonts.swf
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ss.bdimg.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://suggestion.baidu.com/su
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t1.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=1337948103
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=1472401995
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=2824854462
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=3648037599
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=3818340645
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=961292679
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t11.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t11.baidu.com/it/u=1869138868
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=1111148001
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=136926827
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=2225597996
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=2732137085
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=3949392299
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t2.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t3.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t8.baidu.com/it/u=1090988899
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t8.baidu.com/it/u=4039794314
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t8.baidu.com/it/u=647907479
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t9.baidu.com/it/u=1145209857
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t9.baidu.com/it/u=2330579128
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tag.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%3D&kw=%
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%3D&kw=%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%3D&kw=%E5%8C%97%E4%
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%3D&kw=%E5%8C%97%E4%
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://time.tianqi.com/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://time.tianqi.com/beijing/?_t_t_t=0.19692036100158394
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://trust.baidu.com/vstar/official/intro?type=gw
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://v.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://v.baidu.com/v?ct=301989888&rn=20&pn=0&db=0&s=25&ie=utf-8&word=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://vse.baidu.com
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wappass.baidu.com
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511287927.000000000300A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511443194.00000000030C8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511804273.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/5925617199/IFyQQxwKH?from=page_1006065925617199_profile&wvr=6&mod=weibotime
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508399117.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/jiushixiao(
Source: Fly.exe	String found in binary or memory: http://weibo.com/jiushixiao;http://123.57.239.185/cff.txt
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/n/
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/o
Source: Fly.exe	String found in binary or memory: http://weibo.com/u/5389088204
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/u/5389088204O
Source: Fly.exe, 0000000A.00000002.507607536.0000000000AA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/u/5389088204fdw
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.comx&
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%3D&word=%E5%
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%3D&word=%E5%
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://whzf.beijing.gov.cn/
Source: Fly.exe, 00000000.00000003.299905099.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300111527.0000000005894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.agfamonotype.
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/gaoji/preferences.html
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=2eG4qfWnnerkqC3nz9HzT5zk_FGwXMiAr5UE8-D4YNnJyJ801hbnB6FMmBKdSQ1w
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=2eG4qfWnnerkqC3nz9HzT5zk_FGwXMiAr5UE8-D4YNnJyJ801hbnB6FMmBKdSQ1w"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=7IveK5rsBvu4OAAqF0aXL0UwdPkqaGiq4lEhm3NKwH0GsIQA7-WSYJjsspHcqHwG
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=7IveK5rsBvu4OAAqF0aXL0UwdPkqaGiq4lEhm3NKwH0GsIQA7-WSYJjsspHcqHwG"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=ByhP8f3BSCCjDNcAWWy-BATZ7uc5jHDksrg_lQbRCezsDZcWTCM9JXpKxDLl24C-BqCHpp
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=Hxar8uWEKoSbf2el-5smp4tpmjNFGlLtxeh30nmGodbfotYLLZxJR2m17Zd2lraFFv-6pA
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=Nr0-SlX3e2FdWuw2L3jnV6ExUczOVvE_yvXt2Mgeg05glPipO1SKZvQ7uh6Kt0S2
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=Nr0-SlX3e2FdWuw2L3jnV6ExUczOVvE_yvXt2Mgeg05glPipO1SKZvQ7uh6Kt0S2"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=O75-vTtnp3huuoviIO54HdNFy0CtM6gy04VBrYYGzl9cclRGLKFJIn_Z0U2mRIPW
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=O75-vTtnp3huuoviIO54HdNFy0CtM6gy04VBrYYGzl9cclRGLKFJIn_Z0U2mRIPW"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=RdGqZAQnU9d7sPgAum59k8gK_tz2Rw2NTWerZYgsfXwU0a6MN5j2EBEpQYsNjT0fV1_sG6
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=TdO7KqEg3Gse4S6aahsv6GEr2GJo7iWMdmTph89KZmxzCN8ZnPKjWOohr6OztGnZ3Ld329
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=W8Hm-8HKCsYq8U3O1iAYUtb-cwWegNm8v-Ko-HNlDa-4ShAtCKoOx7LIpIZoHWDsxV8Evf
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_2Wqr6NSUl-llXaLzAo3SHayD7nj1LtURfVrRwjakg7pox9L-rPcm0Y0qW3X4bqfSV3VYa
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_2Wqr6NSUl-llXaLzAo3SHwjYTzNJJ9UrUHF6V2SI_J_0r9f9kDLJFcEAjkxcV6F
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_2Wqr6NSUl-llXaLzAo3SHwjYTzNJJ9UrUHF6V2SI_J_0r9f9kDLJFcEAjkxcV6F"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_v73_J2dvkGepHu8Drwu9aKBenSddVi9olD7Ltd10Ka
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_v73_J2dvkGepHu8Drwu9aKBenSddVi9olD7Ltd10Ka"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=cKcKoI4GMmL2Jmceh8ii5brzKYV6LH9hxmU4dYWJJfSfeOdDLSB4I8qVFpiuCoCQ2L2m26
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=d-HTl_QqiwNLE0LAPZtzPtIbpLOMMPQvYm3AAH-KTLc63bE0j-FZphNrCSzqfuej
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=d-HTl_QqiwNLE0LAPZtzPtIbpLOMMPQvYm3AAH-KTLc63bE0j-FZphNrCSzqfuej"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=ddarUW5GV1whfpylp9rdAZ1N-q1wuYGpdvCYy41jCBHkosK9chGorZqKDly9yHV6EYuJjV
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=h2yrWxPsgpuxEAdA3WLoSUT7uI4v2P0t2KBiq3hW7HEr3mN1cU5aumc46KdAyLFN757eYj
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=h2yrWxPsgpuxEAdA3WLoSUT7uI4v2P0t2KBiq3hW7HFd02vVuxBjAPm8X8NMrT_TGLv4Hv
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=i-xZPgLVVBJNKG-eitvJT6l5680OifxmlF1bGSblltvvvNad4A11rN0PebtvXQNWzJyidR
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=i-xZPgLVVBJNKG-eitvJT7j0zJyR3VmVbSuCNl4H0V-34ZzP0OP-9adHdHdFdYbRobwBJn
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=mcYJPMu1eds8bD1zZK7l4LuOGRanyFriZjVBzDB_ATzJAIBaW5Ajf29If8QqxXipMWCbFS
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=nPR7hA6Ni3mxszGQzStQBOMCrTRDV5NnkAtLX5yDX1q
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=nPR7hA6Ni3mxszGQzStQBOMCrTRDV5NnkAtLX5yDX1q"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=rPXG3Lfdt1tzHgZtYhkW_4wu6QfecMExYLtaCZRQAc_1_kTazETPrOvgeAL2DzVwDjg_cb
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=suz8zVAiw2CXJTvNJ0THYYiiWJSyvf-ix-gLGzTtVFNBJ9sEh7NP2xHcLlIdHzv-
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=suz8zVAiw2CXJTvNJ0THYYiiWJSyvf-ix-gLGzTtVFNBJ9sEh7NP2xHcLlIdHzv-"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=tbnLOnOAIgsvXyckDtCBtxZd-6zyqdYA17G5UYnC8ZGFYR-cr2k2Urf8zEMQ_iCp
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=tbnLOnOAIgsvXyckDtCBtxZd-6zyqdYA17G5UYnC8ZGFYR-cr2k2Urf8zEMQ_iCp"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=vq_bm87yezw1aGw6DW1gNR2hs-AhLQxEFnKTISLP_onUkbfMJfqp-Zs6ccdN0r0H_0KsQh
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=vq_bm87yezw1aGw6DW1gNR3QgL_1-_mSOHNadeRAorwUejTKjDdjekmk16iK4lrEtuiO1c
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=wBhrHv1Zs300_djsonfamrUwydVcElCManDh-1c8rs8yBtECuOhaqTVHzNDXZxODBm93Ub
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=wBhrHv1Zs300_djsonfamv4TuRCpAR-3EMt5bjSWhbxRGFXdMegiMF_JAQ5i2zFbGDQ5RZ
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zcEdmAqrTZl_1x2sIHR_KX0wClj9OD2nfZeQ1wUgeem
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zcEdmAqrTZl_1x2sIHR_KX0wClj9OD2nfZeQ1wUgeem"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zspy1N7aVThVo1pKm1brvWejXA87TtL_18nwGqxbDRy
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zspy1N7aVThVo1pKm1brvWejXA87TtL_18nwGqxbDRy"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/more/
Source: Fly.exe	String found in binary or memory: http://www.baidu.com/qnparamcidccp
Source: Fly.exe	String found in binary or memory: http://www.baidu.com/s?rsv_bp=0&rsv_sug3=8&ie=utf-8&inputT=7&ie=utf-8&word=%E5%8C%97%E4%BA%AC%E6%97%
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/s?wd=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4&amp;srcid=20826
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/search/jubao.html
Source: Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.comx
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.comx&
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000019
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.beijing-time.org/
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.bjjubao.org/
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.bnia.cn/
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.cyberpolice.cn/wfjb/
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295792247.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300149633.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296320643.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514107817.0000000005870000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Fly.exe, 00000000.00000003.295792247.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlh
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF/
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comI.TTF
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comW.TTFU
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdito
Source: Fly.exe, 00000000.00000003.300149633.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514107817.0000000005870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.come.com
Source: Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comeg
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295792247.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296320643.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comlvfet
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comp
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsief
Source: Fly.exe, 00000000.00000003.300149633.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comtta
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comueo
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.291519002.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.itrust.org.cn/
Source: Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293003330.0000000005873000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/&
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/-no
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/.
Source: Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/8
Source: Fly.exe, 00000000.00000003.294402047.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/C
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294402047.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/L
Source: Fly.exe, 00000000.00000003.294402047.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/La
Source: Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/g
Source: Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/i-f
Source: Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/U
Source: Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/p
Source: Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/p
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324520208.000000000ECD9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388087778.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388131802.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.387740787.000000000E5E7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.com
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324520208.000000000ECD9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388087778.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388131802.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.com#
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comI
Source: Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comMmu?
Source: Fly.exe, 0000000A.00000003.387740787.000000000E5E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comdmu
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.coml
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comz
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295920301.0000000005888000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296320643.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295313142.0000000005879000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.piyao.org.cn/yybgt/index.htm
Source: Fly.exe, 00000000.00000003.289712606.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Fly.exe, 00000000.00000003.294453564.00000000058BD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294371049.00000000058BD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.shdf.gov.cn/shdf/channels/740.html
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xapp.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xiaodu.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xueshu.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt&ie=utf-8&dyTa
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509541089.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508985597.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510565016.0000000002EEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511894731.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511443194.00000000030C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://a.sinaimg.cn/mintra/pic/2201190827/32aria.png
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://author.baidu.com/home/1598771601754961
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?fr=wwwt&q=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?fr=wwwt&q=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/api/second/video/list
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#1
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#2
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#3
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#4
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#5
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baikebcs.bdimg.com/front-end/aladdin-san/bk-polysemy/video-close.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baikebcs.bdimg.com/front-end/second-know/img/logo-small.png)
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baikevideo.cdn.bcebos.com/media/mda-Ogt1EczOmPXU0VoI/d0773a6483bf29d52840aa6da1a4200d.mp4
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://beian.miit.gov.cn
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://biaozhunshijian.bmcx.com/
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bkssl.bdimg.com/static/clickstream-mis/dist/static/js/index
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imgsrc.baidu.com/forum/pic/item/5d6034a85edf8db1a1b67bf50b23dd54574e7482.jpg
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://live.baidu.com/m/media/multipage/liveshow/index.html?room_id=7852114906&diff_type=preview
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://live.baidu.com/m/media/multipage/liveshow/index.html?room_id=7859109541&diff_type=preview
Source: Fly.exe, 0000000A.00000002.513113505.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: Fly.exe, 00000000.00000002.517039190.0000000008B6C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518525473.000000000BD07000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383836635.000000000963A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383883120.0000000007173000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383872206.000000000716C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516578396.000000000BBEB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507715684.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, visitor[1].htm.0.dr, visitor[1].htm.10.dr	String found in binary or memory: https://login.sina.com.cn/sso/login.php?
Source: Fly.exe, 0000000A.00000003.383723518.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php?dresponse.retcodeh
Source: Fly.exe, 00000000.00000002.520004513.000000000BEAC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.515791261.000000000B904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php?https://passport.weibo.cn/signin/login?r=
Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php?response.retcode
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?newmap=1&ie=utf-8&s=s%26wd%3D%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?newmap=1&ie=utf-8&s=s%26wd%3D%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://marketing.hd.weibo.com/?fr=C003001_P001
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2F
Source: Fly.exe, 0000000A.00000002.506539603.00000000008E4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://passport.wei
Source: Fly.exe, 00000000.00000002.517039190.0000000008B6C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518525473.000000000BD07000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383883120.0000000007173000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383872206.000000000716C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516578396.000000000BBEB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513566864.0000000007178000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507715684.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, visitor[1].htm.0.dr, visitor[1].htm.10.dr	String found in binary or memory: https://passport.weibo.cn/signin/login?r=
Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.cn/signin/login?r=window.locationwindow.location.href
Source: Fly.exe, 0000000A.00000003.383723518.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.cn/signin/login?r=window.locationwindow.location.hrefe
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/_WT
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513581986.000000000717D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swf
Source: Fly.exe, 0000000A.00000002.514713644.00000000095DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swf0
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swf?
Source: Fly.exe, 0000000A.00000002.513581986.000000000717D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfB
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfM
Source: Fly.exe, 0000000A.00000002.514713644.00000000095DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfZ
Source: Fly.exe, 0000000A.00000002.513581986.000000000717D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfct
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513113505.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116
Source: Fly.exe, 00000000.00000002.516283922.00000000089EA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513857977.000000000866E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116$a
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116%D
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116&
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116N
Source: Fly.exe, 0000000A.00000002.513113505.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116SE
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116aK
Source: Fly.exe, 00000000.00000002.517149679.0000000008B8F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.320424023.0000000008B8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/visitor/visio
Source: Fly.exe, 0000000A.00000002.521027674.000000000D848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2Fu%2F
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ppui-static-wap.cdn.bcebos.com/static/touch/css/api/mkdjump_c5b1aeb.css
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ppui-static-wap.cdn.bcebos.com/static/touch/js/mkdjump_db105ab.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/beijingtime/result_7f1f8dd
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/img/vip-1_e908b9b.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/img/vip-2_c4664df.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/img/vip-3_726e422.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/result_c0cabc3
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bk_polysemy/result_a972617
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/recommend_list/result_d96a0d9
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/right_recommends_merge/result_b707173
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/right_toplist1/result_199dce9
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/se_com_default/result_0f678e1
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/tieba_general/result_badf204
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/bundles/es6-polyfill_5645e88.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/bundles/polyfill_9354efa.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.otf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.eot);src:url(https://ps
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont_90d4e9e.svg#iconfont)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.eot);s
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium_7fcf17
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.eot);src:url(https://pss.bdstatic.c
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont_b572317.svg#iconfont)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/arrow-bottom_a44a0c6.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/baiduappLogo_de45621.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/bao_02f5d40.svg);background-repeat:no-repeat;
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/favo_sprites_e33db52.png);background-repeat:n
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/feedback_add_photo_69ff822.png);background-re
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/icons_441e82f.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/icons_441e82f.png);_background-image:url(http
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/icons_d5b04cc.gif)
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/nicon-2x_6258e1c.png);background-size:24px
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/nicon_10750f3.png)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/pc-bao-2-small_f609346.png);background-repeat
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/pc-bao_96f4fc0.png);background-size:140px
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/pc_direct_42d6311.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/qrcode_icon_ae03227.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/translate_tool_icon_57087b6.gif)
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/winlogo_e925689.png)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/js/all_async_search_c18b0e3.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/icons_0c37e9b.png)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/icons_0c37e9b.png);background-image:url(https:/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/icons_809ae65.gif)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/sugbg_1762fe7.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/sugbg_90fc9cf.gif)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/jquery/jquery-1.10.2.min_65682a2.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/lib/esl_5fec89f.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/footer/result_125dc2d
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/head-tab/result_c6dc16b
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/hint-float-ball-right/img/close_7bc47f9.pn
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/hint-float-ball-right/result_8da0d0c
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/rs/result_8f9fa1f
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/search-tool/result_43da777
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/plugins/every_cookie_4644b13.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/plugins/every_cookie_mac_82990d4.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/search-ui-pc/core_f7194c7
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/search-ui-pc/enhance_f636eb0
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/soutu/img/soutu_icons_new_8abaf8a.png)
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/tipbox/img/close-btn_364ba48.png);background-position:ce
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bcebos.com/basics/www_normal/new_safeicon_1668523461000.png
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bcebos.com/video/wiseindex/aa6eef91f8b5b1a33b454c401_1660835115000.png
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509965260.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509541089.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508985597.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510565016.0000000002EEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511894731.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511192946.0000000003064000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510501180.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://service.account.weibo.com/dmca/rightholders
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509965260.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509541089.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508985597.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510565016.0000000002EEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511894731.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511192946.0000000003064000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510501180.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://service.account.weibo.com/ecourt/index
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://service.account.weibo.com/ecourt/report
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511256960.0000000003000000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511287927.000000000300A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510101973.0000000002E6B000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511658368.0000000003127000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sp1.baidu.com/5b1ZeDe5KgQFm2e88IuM_a/cm.gif
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sp1.baidu.com/5b1ZeDe5KgQFm2e88IuM_a/mwb2.gif
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511256960.0000000003000000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511287927.000000000300A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510101973.0000000002E6B000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511658368.0000000003127000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/nocache/imgdata/seErrorRec.js
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t15.baidu.com/it/u=4252674505
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t8.baidu.com/it/u=1090988899
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=15482359
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=2109628096
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=2330579128
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=989233051
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f/good?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&tpl=5
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&loc=rec&tids=7523245716
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&loc=rec
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&tpl=5&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDc
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/6059460842?fr=ala0&pstaala=3&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/6059460842?fr=ala0&pstaala=3&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7107775513?fr=ala0&pstaala=2&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7107775513?fr=ala0&pstaala=2&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7523245716?fr=ala0&pstaala=1&tpl=5&fid=26185&isgod=0
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7523245716?fr=ala0&pstaala=1&tpl=5&fid=26185&isgod=0
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/photo/g?kw=%B1%B1%BE%A9%CA%B1%BC%E4&tab=photo&fr=ala0&tpl=5
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://top.baidu.com/board
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://top.baidu.com/board?platform=pc&sa=pcindex_a_right
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://voice.baidu.com/act/newpneumonia/newpneumonia/?from=osari_pc_1
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidD
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidDV
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com
Source: Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10817109933923495798&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10900093220409163140&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11014826227946934943&ak=c27bbc89
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11345311754935230420&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11422619168985338296&ak=c27bbc89
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12001227830495893174&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12007799619952368652&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=9671504690642123133&ak=c27bbc89a
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10783666990159526525&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10817109933923495798&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10900093220409163140&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11014826227946934943&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11345311754935230420&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11422619168985338296&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11778876901265594924&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11965745417723271228&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11975472745576054740&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12001227830495893174&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12007799619952368652&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=9020643541988371491&ak=c27bbc89afca04636
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=9671504690642123133&ak=c27bbc89afca04636
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/machine/js/api/mkd.js
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comP
Source: Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comPz
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comt
Source: Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comx
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comx&
Source: Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/V
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/Z
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/aj/static/publications_license.html
Source: Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/jiushixiao
Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.517039190.0000000008B6C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518525473.000000000BD07000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383723518.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383883120.0000000007173000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383872206.000000000716C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516578396.000000000BBEB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513566864.0000000007178000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507715684.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, visitor[1].htm.0.dr, visitor[1].htm.10.dr	String found in binary or memory: https://weibo.com/login.php
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/n/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/n/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/n/V
Source: Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/sorry?sysbusy
Source: Fly.exe, 0000000A.00000002.512930441.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/u/5389
Source: visitor[1].htm.10.dr	String found in binary or memory: https://weibo.com/u/5389088204
Source: Fly.exe, 0000000A.00000002.515791261.000000000B904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/u/5389088204:
Source: Fly.exe, 00000000.00000002.520004513.000000000BEAC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.515791261.000000000B904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/u/5389088204https://weibo.com/login.php6
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.comx&
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.12377.cn/
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509236637.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511210615.0000000003074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/favicon.ico
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/img/baidu.svg
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?&wd=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?rtt=1&bsst=1&cl=2&tn=news&ie=utf-8&word=%E5%8C%97%E4%BA%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?rtt=1&bsst=1&cl=2&tn=news&ie=utf-8&word=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/search/error.html
Source: Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comH
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comHNq
Source: Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comHb
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comHj
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comH~$
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comx&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/US/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/jb.html
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/riqi.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/shizhong.html
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/time15.asp
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/worldtime.htm
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.btime.com/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hao123.com
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521440243.000000000E5D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/-
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys//
Source: Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/Bmu0
Source: Fly.exe, 0000000A.00000002.521440243.000000000E5D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/D
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/E
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/G
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/U
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/c
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/de
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/e
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/rs
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/rss

Source: C:\Users\user\Desktop\Fly.exe

Code function: 0_2_00A9A09A recv,

0_2_00A9A09A

Installs a global mouse hook

Source: C:\Users\user\Desktop\Fly.exe

Windows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dll

Jump to behavior

Uses 32bit PE files

Source: Fly.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Detected potential crypto function

Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04C40070	0_2_04C40070
Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04C40CF8	0_2_04C40CF8
Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04C40CE6	0_2_04C40CE6
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_02850070	10_2_02850070
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_02850CF8	10_2_02850CF8
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_02850CE6	10_2_02850CE6

Sample file is different than original file name gathered from version info

Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamejscript9.dll.muiD vs Fly.exe
Source: Fly.exe, 00000000.00000000.241103349.0000000000476000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameFlyWorldR.exe4 vs Fly.exe
Source: Fly.exe, 00000000.00000000.240963626.0000000000385000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMicrosoft4 vs Fly.exe
Source: Fly.exe, 00000000.00000000.240854863.0000000000282000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMicrosoft4 vs Fly.exe
Source: Fly.exe	Binary or memory string: OriginalFilenameMicrosoft4 vs Fly.exe
Source: Fly.exe	Binary or memory string: OriginalFilenameFlyWorldR.exe4 vs Fly.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\Fly.exe	Section loaded: security.dll			Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: security.dll			Jump to behavior

Source: Fly.exe	ReversingLabs: Detection: 76%
Source: Fly.exe	Virustotal: Detection: 60%

Source: Fly.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Fly.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Fly.exe C:\Users\user\Desktop\Fly.exe
Source: unknown	Process created: C:\Users\user\Desktop\Fly.exe "C:\Users\user\Desktop\Fly.exe"

Source: C:\Users\user\Desktop\Fly.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04D05E1A AdjustTokenPrivileges,	0_2_04D05E1A
Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04D05DE3 AdjustTokenPrivileges,	0_2_04D05DE3
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_04E65B52 AdjustTokenPrivileges,	10_2_04E65B52
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_04E65B1B AdjustTokenPrivileges,	10_2_04E65B1B

Source: C:\Users\user\Desktop\Fly.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4

Jump to behavior

Source: classification engine

Classification label: mal64.troj.winEXE@2/7@0/11

Source: Fly.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.51%
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe	Mutant created: \Sessions\1\BaseNamedObjects\StreamBaby_NewForm
Source: C:\Users\user\Desktop\Fly.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: Fly.exe, SymmetricMethod.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.Fly.exe.280000.0.unpack, SymmetricMethod.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Fly.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: Fly.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: C:\Users\user\Desktop\Fly.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Fly.exe

Static file information: File size 2102272 > 1048576

Source: Fly.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Fly.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1fe400

Source: Fly.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Fly.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdbX source: Fly.exe
Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdb source: Fly.exe
Source:	Binary string: d:\code\other\StreamBaby20151029\FlyWorldR\obj\x86\Debug\FlyWorldR.pdb source: Fly.exe

Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Fly.exe TID: 5124	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 5124	Thread sleep time: -172800000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 4148	Thread sleep time: -9600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 4744	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 1260	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 1260	Thread sleep time: -172800000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 912	Thread sleep time: -6000000s >= -30000s	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\Fly.exe

Last function: Thread delayed

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Code function: 0_2_04D04642 GetSystemInfo,

0_2_04D04642

Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior

Source: Fly.exe, 0000000A.00000002.507633512.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWom
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Enables debug privileges

Source: C:\Users\user\Desktop\Fly.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\SysWOW64\Macromed\Flash\activex.vch VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\SysWOW64\Macromed\Flash\activex.vch VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
36.51.226.13	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
36.51.226.12	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
36.51.224.27	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
103.235.46.40	unknown	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
119.63.197.139	unknown	Japan	38627	BAIDUJPBaiduIncJP	false
14.215.177.38	unknown	China	58466	CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN	false
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
123.57.239.185	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
103.235.46.250	unknown	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
103.235.46.116	unknown	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false

Private

IP
192.168.2.1

AV Detection

Multi AV Scanner detection for submitted file

Source: Fly.exe	ReversingLabs: Detection: 76%
Source: Fly.exe	Virustotal: Detection: 60%			Perma Link

Antivirus / Scanner detection for submitted sample

Source: Fly.exe	Avira: detected
Source: Fly.exe	Avira: detected

Machine Learning detection for sample

Source: Fly.exe

Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Source: 0.0.Fly.exe.294054.1.unpack	Avira: Label: TR/Taranis.1102
Source: 0.0.Fly.exe.280000.0.unpack	Avira: Label: TR/Taranis.1102
Source: 0.0.Fly.exe.280000.0.unpack	Avira: Label: TR/Taranis.1102

Uses 32bit PE files

Source: Fly.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Fly.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Fly.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdbX source: Fly.exe
Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdb source: Fly.exe
Source:	Binary string: d:\code\other\StreamBaby20151029\FlyWorldR\obj\x86\Debug\FlyWorldR.pdb source: Fly.exe

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 04C43F85h	0_2_04C43D3F
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 04C43AB2h	0_2_04C43A00
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 04C43AB2h	0_2_04C43A10
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then sub esp, 00000098h	0_2_0D264790
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 02853F85h	10_2_02853D3F
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 02853AB2h	10_2_02853A00
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then jmp 02853AB2h	10_2_02853A10
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then sub esp, 58h	10_2_0CBA4ED0
Source: C:\Users\user\Desktop\Fly.exe	Code function: 4x nop then sub esp, 58h	10_2_0CBA4EC0

Networking

Yara detected Generic Downloader

Source: Yara match	File source: Fly.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Fly.exe.280000.0.unpack, type: UNPACKEDPE

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 103.235.46.40 103.235.46.40
Source: Joe Sandbox View	IP Address: 103.235.46.40 103.235.46.40

Source: Fly.exe	String found in binary or memory: http://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d%M.%mGConfigTag&cid=?checksum=&checks
Source: Fly.exe	String found in binary or memory: http://%s/ts/f4/http://%s/ts/f3/http://%s/ts/f2.2/http://%s/ts/f7/http://%s/as/c/f9/http://%s/as/c/f
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://1.su.bdimg.com
Source: Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.23
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=add&userName=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=addgivescore&c=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=down&key=1_http://123.57.239.185/UpDo.ashx?type=down&key=2
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=getgivescore&c=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=getscore
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=gettext
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=gettextP
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=gettextchttp://123.57.239.185/UpDo.ashx?type=getscore&id=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/UpDo.ashx?type=getusercode&name=
Source: Fly.exe	String found in binary or memory: http://123.57.239.185/cfg.txt
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185:8081
Source: Fly.exe	String found in binary or memory: http://123.57.239.185:8081/VersionInfoManager2.aspx?type=getlasturl&softName=Fly
Source: Fly.exe	String found in binary or memory: http://123.57.239.185:8081/VersionInfoManager2.aspx?type=getlastversion&softName=Fly
Source: Fly.exe, 0000000A.00000002.511658368.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185x
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://123.57.239.185x&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://2.su.bdimg.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://28608.recommend_list.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://3.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://4.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://5.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://6.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://7.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.su.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.map.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.open.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://app.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b1.bdstatic.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b1.bdstatic.com/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b2.bdstatic.com/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bdimg.share.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/doc/shortcut.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/rili.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/riqi/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/riqi/daojishi.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/shicha/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bjtime.cn/user/login.asp
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.514767545.00000000095ED000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383671912.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://blog.deconcept.com/2006/01/11/getvariable-setvariable-crash-internet-explorer-flash-6/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.baidu.com/c.gif?t=0&q=%B1%B1%BE%A9%CA%B1%BC%E4&p=0&pn=1
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://code.google.com/p/swfobject/
Source: Fly.exe, 00000000.00000002.518245883.000000000BCAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dr.dh.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://eclick.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ecma.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ecmb.bdimg.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f3.baidu.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://game.weibo.com/?bottomnav=1&wvr=6
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=http%3A%2F%2Fgips2.baidu.com%2Fit%2Fu%3D266262691%2C3660801848%26f
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=http%3A%2F%2Fpics2.baidu.com%2Ffeed%2F1ad5ad6eddc451da85c7a1a25839
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=http%3A%2F%2Fpics6.baidu.com%2Ffeed%2F472309f7905298221fdd30599ef2
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fbaikebcs.bdimg.com%2Fbaike-icon.png&refer=http%3
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fbaikebcs.bdimg.com%2Fbaike-icon.png&refer=http%3A%2F
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fbkimg.cdn.bcebos.com%2Fsmart%2F8644ebf81a4c510f0527b
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fgips0.baidu.com%2Fit%2Fu%3D2260621858%2C2467994607%2
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gimg3.baidu.com/search/src=https%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2F5d6034a85edf
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips0.baidu.com/it/u=2679461647
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips0.baidu.com/it/u=3063777129
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips2.baidu.com/it/u=266262691
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gips2.baidu.com/it/u=3820154248
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://graph.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://hdpreload.baidu.com
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://help.baidu.com/question
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i7.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i8.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i9.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=utf-8&dyTabStr=MCwyLDEsN
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=utf-8&dyTabStr=MCwyLDYsM
Source: Fly.exe	String found in binary or memory: http://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_
Source: Fly.exe	String found in binary or memory: http://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_
Source: Fly.exe	String found in binary or memory: http://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ir.weibo.com
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jianyi.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://kankan.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/china/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/france_paris/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/japan_tokyo/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://m.tools.manmankan.com/shijian/south-korea/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://map.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://news.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nsclick.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nsclick.baidu.com/v.gif?pid=315&rsv_yc_log=3&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://olime.baidu.com
Source: Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baid
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509170108.0000000002DC5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510523459.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?
Source: Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-116636855P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1189179503P
Source: Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1203931028P
Source: Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1238841827P
Source: Fly.exe, 0000000A.00000002.509170108.0000000002DC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1393796328P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1430950788P
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1504103626P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1587685878P
Source: Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1686055535P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1786656532P
Source: Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1923039153P
Source: Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1932009544P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-1982673588P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-230144334P
Source: Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-476747791P
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-657294465P
Source: Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?-841590707P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1054374455P
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1167635074P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1209366569P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?124324289P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1355428746P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510523459.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1395537891P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1512711376P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1534392538P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1584678096P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511210615.0000000003074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1776475766P
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?1880054304P
Source: Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?2062632002P
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?2120196423P
Source: Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?395646536P
Source: Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?75032074P
Source: Fly.exe	String found in binary or memory: http://open.baidu.com/special/time/?7baidu_time
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?809387345P
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.com/special/time/?855175349P
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509170108.0000000002DC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://open.baidu.comx&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://opendata.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://p.qiao.baidu.com
Source: Fly.exe, 00000000.00000003.320383378.000000000BCFC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518495404.000000000BCFF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507633512.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.weibo.com/
Source: Fly.exe, 00000000.00000002.516275040.00000000089E8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513843539.000000000866C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://passport.weibo.com/0_
Source: Fly.exe, 0000000A.00000003.383822155.000000000962A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://passport.weibo.com/LMEMH
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://qingting.baidu.com/index
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s.share.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.bds
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.bdsta
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.bdstatic.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sclick.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sclick.baidu.com/w.gif
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sensearch.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sestat.baidu.com
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383671912.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://simg.sinajs.cn/blog7swf/suppercookie.swf
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://sjs.sinajs.cn/blog7swf/fonts.swf
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ss.bdimg.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://suggestion.baidu.com/su
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t1.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=1337948103
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=1472401995
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=2824854462
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=3648037599
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=3818340645
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t10.baidu.com/it/u=961292679
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t11.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t11.baidu.com/it/u=1869138868
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=1111148001
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=136926827
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=2225597996
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=2732137085
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t12.baidu.com/it/u=3949392299
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t2.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t3.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t8.baidu.com/it/u=1090988899
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t8.baidu.com/it/u=4039794314
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t8.baidu.com/it/u=647907479
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t9.baidu.com/it/u=1145209857
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://t9.baidu.com/it/u=2330579128
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tag.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%3D&kw=%
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%3D&kw=%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%3D&kw=%E5%8C%97%E4%
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tieba.baidu.com/f?fr=wwwt&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%3D&kw=%E5%8C%97%E4%
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://time.tianqi.com/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://time.tianqi.com/beijing/?_t_t_t=0.19692036100158394
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://trust.baidu.com/vstar/official/intro?type=gw
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://v.baidu.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://v.baidu.com/v?ct=301989888&rn=20&pn=0&db=0&s=25&ie=utf-8&word=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://vse.baidu.com
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wappass.baidu.com
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511287927.000000000300A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511443194.00000000030C8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511804273.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/5925617199/IFyQQxwKH?from=page_1006065925617199_profile&wvr=6&mod=weibotime
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508399117.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/jiushixiao(
Source: Fly.exe	String found in binary or memory: http://weibo.com/jiushixiao;http://123.57.239.185/cff.txt
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/n/
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/o
Source: Fly.exe	String found in binary or memory: http://weibo.com/u/5389088204
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/u/5389088204O
Source: Fly.exe, 0000000A.00000002.507607536.0000000000AA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/u/5389088204fdw
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://weibo.comx&
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw4LDcsOQ%3D%3D&word=%E5%
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wenku.baidu.com/search?lm=0&od=0&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDcsOQ%3D%3D&word=%E5%
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://whzf.beijing.gov.cn/
Source: Fly.exe, 00000000.00000003.299905099.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300111527.0000000005894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.agfamonotype.
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/gaoji/preferences.html
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=2eG4qfWnnerkqC3nz9HzT5zk_FGwXMiAr5UE8-D4YNnJyJ801hbnB6FMmBKdSQ1w
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=2eG4qfWnnerkqC3nz9HzT5zk_FGwXMiAr5UE8-D4YNnJyJ801hbnB6FMmBKdSQ1w"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=7IveK5rsBvu4OAAqF0aXL0UwdPkqaGiq4lEhm3NKwH0GsIQA7-WSYJjsspHcqHwG
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=7IveK5rsBvu4OAAqF0aXL0UwdPkqaGiq4lEhm3NKwH0GsIQA7-WSYJjsspHcqHwG"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=ByhP8f3BSCCjDNcAWWy-BATZ7uc5jHDksrg_lQbRCezsDZcWTCM9JXpKxDLl24C-BqCHpp
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=Hxar8uWEKoSbf2el-5smp4tpmjNFGlLtxeh30nmGodbfotYLLZxJR2m17Zd2lraFFv-6pA
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=Nr0-SlX3e2FdWuw2L3jnV6ExUczOVvE_yvXt2Mgeg05glPipO1SKZvQ7uh6Kt0S2
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=Nr0-SlX3e2FdWuw2L3jnV6ExUczOVvE_yvXt2Mgeg05glPipO1SKZvQ7uh6Kt0S2"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=O75-vTtnp3huuoviIO54HdNFy0CtM6gy04VBrYYGzl9cclRGLKFJIn_Z0U2mRIPW
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=O75-vTtnp3huuoviIO54HdNFy0CtM6gy04VBrYYGzl9cclRGLKFJIn_Z0U2mRIPW"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=RdGqZAQnU9d7sPgAum59k8gK_tz2Rw2NTWerZYgsfXwU0a6MN5j2EBEpQYsNjT0fV1_sG6
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=TdO7KqEg3Gse4S6aahsv6GEr2GJo7iWMdmTph89KZmxzCN8ZnPKjWOohr6OztGnZ3Ld329
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=W8Hm-8HKCsYq8U3O1iAYUtb-cwWegNm8v-Ko-HNlDa-4ShAtCKoOx7LIpIZoHWDsxV8Evf
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_2Wqr6NSUl-llXaLzAo3SHayD7nj1LtURfVrRwjakg7pox9L-rPcm0Y0qW3X4bqfSV3VYa
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_2Wqr6NSUl-llXaLzAo3SHwjYTzNJJ9UrUHF6V2SI_J_0r9f9kDLJFcEAjkxcV6F
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_2Wqr6NSUl-llXaLzAo3SHwjYTzNJJ9UrUHF6V2SI_J_0r9f9kDLJFcEAjkxcV6F"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_v73_J2dvkGepHu8Drwu9aKBenSddVi9olD7Ltd10Ka
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=_v73_J2dvkGepHu8Drwu9aKBenSddVi9olD7Ltd10Ka"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=cKcKoI4GMmL2Jmceh8ii5brzKYV6LH9hxmU4dYWJJfSfeOdDLSB4I8qVFpiuCoCQ2L2m26
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=d-HTl_QqiwNLE0LAPZtzPtIbpLOMMPQvYm3AAH-KTLc63bE0j-FZphNrCSzqfuej
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=d-HTl_QqiwNLE0LAPZtzPtIbpLOMMPQvYm3AAH-KTLc63bE0j-FZphNrCSzqfuej"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=ddarUW5GV1whfpylp9rdAZ1N-q1wuYGpdvCYy41jCBHkosK9chGorZqKDly9yHV6EYuJjV
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=h2yrWxPsgpuxEAdA3WLoSUT7uI4v2P0t2KBiq3hW7HEr3mN1cU5aumc46KdAyLFN757eYj
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=h2yrWxPsgpuxEAdA3WLoSUT7uI4v2P0t2KBiq3hW7HFd02vVuxBjAPm8X8NMrT_TGLv4Hv
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=i-xZPgLVVBJNKG-eitvJT6l5680OifxmlF1bGSblltvvvNad4A11rN0PebtvXQNWzJyidR
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=i-xZPgLVVBJNKG-eitvJT7j0zJyR3VmVbSuCNl4H0V-34ZzP0OP-9adHdHdFdYbRobwBJn
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=mcYJPMu1eds8bD1zZK7l4LuOGRanyFriZjVBzDB_ATzJAIBaW5Ajf29If8QqxXipMWCbFS
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=nPR7hA6Ni3mxszGQzStQBOMCrTRDV5NnkAtLX5yDX1q
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=nPR7hA6Ni3mxszGQzStQBOMCrTRDV5NnkAtLX5yDX1q"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=rPXG3Lfdt1tzHgZtYhkW_4wu6QfecMExYLtaCZRQAc_1_kTazETPrOvgeAL2DzVwDjg_cb
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=suz8zVAiw2CXJTvNJ0THYYiiWJSyvf-ix-gLGzTtVFNBJ9sEh7NP2xHcLlIdHzv-
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=suz8zVAiw2CXJTvNJ0THYYiiWJSyvf-ix-gLGzTtVFNBJ9sEh7NP2xHcLlIdHzv-"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=tbnLOnOAIgsvXyckDtCBtxZd-6zyqdYA17G5UYnC8ZGFYR-cr2k2Urf8zEMQ_iCp
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=tbnLOnOAIgsvXyckDtCBtxZd-6zyqdYA17G5UYnC8ZGFYR-cr2k2Urf8zEMQ_iCp"
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=vq_bm87yezw1aGw6DW1gNR2hs-AhLQxEFnKTISLP_onUkbfMJfqp-Zs6ccdN0r0H_0KsQh
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=vq_bm87yezw1aGw6DW1gNR3QgL_1-_mSOHNadeRAorwUejTKjDdjekmk16iK4lrEtuiO1c
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=wBhrHv1Zs300_djsonfamrUwydVcElCManDh-1c8rs8yBtECuOhaqTVHzNDXZxODBm93Ub
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=wBhrHv1Zs300_djsonfamv4TuRCpAR-3EMt5bjSWhbxRGFXdMegiMF_JAQ5i2zFbGDQ5RZ
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zcEdmAqrTZl_1x2sIHR_KX0wClj9OD2nfZeQ1wUgeem
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zcEdmAqrTZl_1x2sIHR_KX0wClj9OD2nfZeQ1wUgeem"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zspy1N7aVThVo1pKm1brvWejXA87TtL_18nwGqxbDRy
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/link?url=zspy1N7aVThVo1pKm1brvWejXA87TtL_18nwGqxbDRy"
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/more/
Source: Fly.exe	String found in binary or memory: http://www.baidu.com/qnparamcidccp
Source: Fly.exe	String found in binary or memory: http://www.baidu.com/s?rsv_bp=0&rsv_sug3=8&ie=utf-8&inputT=7&ie=utf-8&word=%E5%8C%97%E4%BA%AC%E6%97%
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/s?wd=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4&amp;srcid=20826
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509129192.0000000002DBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/search/jubao.html
Source: Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.comx
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.comx&
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000019
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.beijing-time.org/
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.bjjubao.org/
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.bnia.cn/
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.cyberpolice.cn/wfjb/
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295792247.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300149633.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296320643.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514107817.0000000005870000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Fly.exe, 00000000.00000003.295792247.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlh
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF/
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comI.TTF
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comW.TTFU
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdito
Source: Fly.exe, 00000000.00000003.300149633.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514107817.0000000005870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.come.com
Source: Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comeg
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295792247.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296320643.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comlvfet
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comp
Source: Fly.exe, 00000000.00000003.297252125.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsief
Source: Fly.exe, 00000000.00000003.300149633.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.300052734.0000000005882000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comtta
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comueo
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.291519002.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.itrust.org.cn/
Source: Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293003330.0000000005873000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/&
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/-no
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/.
Source: Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/8
Source: Fly.exe, 00000000.00000003.294402047.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/C
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294402047.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/L
Source: Fly.exe, 00000000.00000003.294402047.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/La
Source: Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Fly.exe, 00000000.00000003.293257093.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/g
Source: Fly.exe, 00000000.00000003.293463345.0000000005877000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293330636.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/i-f
Source: Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/U
Source: Fly.exe, 00000000.00000003.293861407.000000000587C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.293975210.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294170256.000000000587E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/p
Source: Fly.exe, 00000000.00000003.293684911.000000000587D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/p
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324520208.000000000ECD9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388087778.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388131802.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.387740787.000000000E5E7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.com
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324520208.000000000ECD9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388087778.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.388131802.000000000E5EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.com#
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comI
Source: Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comMmu?
Source: Fly.exe, 0000000A.00000003.387740787.000000000E5E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comdmu
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.coml
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.comz
Source: Fly.exe, 00000000.00000003.296738977.0000000005882000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295920301.0000000005888000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295650484.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296320643.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.296547213.000000000587E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.295313142.0000000005879000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.
Source: Fly.exe, 00000000.00000003.320304429.000000000BCBE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.318921566.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516036773.000000000BB40000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383755115.0000000009605000.00000004.00000800.00020000.00000000.sdmp, mini_original[1].js.0.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.piyao.org.cn/yybgt/index.htm
Source: Fly.exe, 00000000.00000003.289712606.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Fly.exe, 00000000.00000003.294453564.00000000058BD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.294371049.00000000058BD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.shdf.gov.cn/shdf/channels/740.html
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Fly.exe, 00000000.00000002.514684274.0000000006BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xapp.baidu.com
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xiaodu.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xueshu.baidu.com
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt&ie=utf-8&dyTa
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt&ie=utf-8&dyTabStr=MCwyLDEsNiwzLDQsNSw
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt&ie=utf-8&dyTabStr=MCwyLDYsMSwzLDQsNSw
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509541089.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508985597.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510565016.0000000002EEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511894731.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511443194.00000000030C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://a.sinaimg.cn/mintra/pic/2201190827/32aria.png
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://author.baidu.com/home/1598771601754961
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?fr=wwwt&q=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://b2b.baidu.com/s?fr=wwwt&q=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/api/second/video/list
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#1
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#2
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#3
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#4
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baike.baidu.com/item/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4/410384?fr=aladdin#5
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baikebcs.bdimg.com/front-end/aladdin-san/bk-polysemy/video-close.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baikebcs.bdimg.com/front-end/second-know/img/logo-small.png)
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baikevideo.cdn.bcebos.com/media/mda-Ogt1EczOmPXU0VoI/d0773a6483bf29d52840aa6da1a4200d.mp4
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://beian.miit.gov.cn
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://biaozhunshijian.bmcx.com/
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bkssl.bdimg.com/static/clickstream-mis/dist/static/js/index
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imgsrc.baidu.com/forum/pic/item/5d6034a85edf8db1a1b67bf50b23dd54574e7482.jpg
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://live.baidu.com/m/media/multipage/liveshow/index.html?room_id=7852114906&diff_type=preview
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://live.baidu.com/m/media/multipage/liveshow/index.html?room_id=7859109541&diff_type=preview
Source: Fly.exe, 0000000A.00000002.513113505.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: Fly.exe, 00000000.00000002.517039190.0000000008B6C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518525473.000000000BD07000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383836635.000000000963A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383883120.0000000007173000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383872206.000000000716C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516578396.000000000BBEB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507715684.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, visitor[1].htm.0.dr, visitor[1].htm.10.dr	String found in binary or memory: https://login.sina.com.cn/sso/login.php?
Source: Fly.exe, 0000000A.00000003.383723518.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php?dresponse.retcodeh
Source: Fly.exe, 00000000.00000002.520004513.000000000BEAC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.515791261.000000000B904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php?https://passport.weibo.cn/signin/login?r=
Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php?response.retcode
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?newmap=1&ie=utf-8&s=s%26wd%3D%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://map.baidu.com/?newmap=1&ie=utf-8&s=s%26wd%3D%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://marketing.hd.weibo.com/?fr=C003001_P001
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2F
Source: Fly.exe, 0000000A.00000002.506539603.00000000008E4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://passport.wei
Source: Fly.exe, 00000000.00000002.517039190.0000000008B6C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518525473.000000000BD07000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383883120.0000000007173000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383872206.000000000716C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516578396.000000000BBEB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513566864.0000000007178000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507715684.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, visitor[1].htm.0.dr, visitor[1].htm.10.dr	String found in binary or memory: https://passport.weibo.cn/signin/login?r=
Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.cn/signin/login?r=window.locationwindow.location.href
Source: Fly.exe, 0000000A.00000003.383723518.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.cn/signin/login?r=window.locationwindow.location.hrefe
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/_WT
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513581986.000000000717D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swf
Source: Fly.exe, 0000000A.00000002.514713644.00000000095DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swf0
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swf?
Source: Fly.exe, 0000000A.00000002.513581986.000000000717D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfB
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfM
Source: Fly.exe, 0000000A.00000002.514713644.00000000095DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfZ
Source: Fly.exe, 0000000A.00000002.513581986.000000000717D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/images/visitor/fonts.swfct
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513113505.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116
Source: Fly.exe, 00000000.00000002.516283922.00000000089EA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513857977.000000000866E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116$a
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116%D
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116&
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116N
Source: Fly.exe, 0000000A.00000002.513113505.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116SE
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/js/visitor/mini_original.js?v=20161116aK
Source: Fly.exe, 00000000.00000002.517149679.0000000008B8F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.320424023.0000000008B8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/visitor/visio
Source: Fly.exe, 0000000A.00000002.521027674.000000000D848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2Fu%2F
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ppui-static-wap.cdn.bcebos.com/static/touch/css/api/mkdjump_c5b1aeb.css
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ppui-static-wap.cdn.bcebos.com/static/touch/js/mkdjump_db105ab.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/beijingtime/result_7f1f8dd
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/img/vip-1_e908b9b.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/img/vip-2_c4664df.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/img/vip-3_726e422.png);
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bjh_addressing/result_c0cabc3
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/bk_polysemy/result_a972617
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/recommend_list/result_d96a0d9
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/right_recommends_merge/result_b707173
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/right_toplist1/result_199dce9
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/se_com_default/result_0f678e1
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/aladdin-san/app/tieba_general/result_badf204
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/bundles/es6-polyfill_5645e88.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/bundles/polyfill_9354efa.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.otf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/baidu-number/BaiduNumber-Medium.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.eot);src:url(https://ps
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/cosmic-icon/iconfont_90d4e9e.svg#iconfont)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.eot);s
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/din-pro-cond-medium/DINPro-CondMedium_7fcf17
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.eot);src:url(https://pss.bdstatic.c
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.ttf)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.woff)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont.woff2)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/font/iconfont_b572317.svg#iconfont)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/arrow-bottom_a44a0c6.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/baiduappLogo_de45621.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/bao_02f5d40.svg);background-repeat:no-repeat;
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/favo_sprites_e33db52.png);background-repeat:n
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/feedback_add_photo_69ff822.png);background-re
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/icons_441e82f.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/icons_441e82f.png);_background-image:url(http
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/icons_d5b04cc.gif)
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/nicon-2x_6258e1c.png);background-size:24px
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/nicon_10750f3.png)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/pc-bao-2-small_f609346.png);background-repeat
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/pc-bao_96f4fc0.png);background-size:140px
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/pc_direct_42d6311.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/qrcode_icon_ae03227.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/translate_tool_icon_57087b6.gif)
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/img/winlogo_e925689.png)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/global/js/all_async_search_c18b0e3.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/icons_0c37e9b.png)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/icons_0c37e9b.png);background-image:url(https:/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/icons_809ae65.gif)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/sugbg_1762fe7.png)
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/home/img/sugbg_90fc9cf.gif)
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/jquery/jquery-1.10.2.min_65682a2.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/lib/esl_5fec89f.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/footer/result_125dc2d
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/head-tab/result_c6dc16b
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/hint-float-ball-right/img/close_7bc47f9.pn
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/hint-float-ball-right/result_8da0d0c
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/rs/result_8f9fa1f
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/molecules/app/search-tool/result_43da777
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/plugins/every_cookie_4644b13.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/plugins/every_cookie_mac_82990d4.js
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/search-ui-pc/core_f7194c7
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/search-ui-pc/enhance_f636eb0
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/soutu/img/soutu_icons_new_8abaf8a.png)
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pss.bdstatic.com/r/www/cache/static/tipbox/img/close-btn_364ba48.png);background-position:ce
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bcebos.com/basics/www_normal/new_safeicon_1668523461000.png
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://psstatic.cdn.bcebos.com/video/wiseindex/aa6eef91f8b5b1a33b454c401_1660835115000.png
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509965260.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509541089.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508985597.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510565016.0000000002EEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511894731.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511192946.0000000003064000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510501180.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://service.account.weibo.com/dmca/rightholders
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510457652.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509965260.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509541089.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508985597.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510565016.0000000002EEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511894731.0000000003193000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509473896.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511192946.0000000003064000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510501180.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://service.account.weibo.com/ecourt/index
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://service.account.weibo.com/ecourt/report
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511256960.0000000003000000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511287927.000000000300A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510101973.0000000002E6B000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511658368.0000000003127000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sp1.baidu.com/5b1ZeDe5KgQFm2e88IuM_a/cm.gif
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sp1.baidu.com/5b1ZeDe5KgQFm2e88IuM_a/mwb2.gif
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510583027.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511256960.0000000003000000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511287927.000000000300A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510101973.0000000002E6B000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.510176879.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511914268.00000000031A3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510369228.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511658368.0000000003127000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/nocache/imgdata/seErrorRec.js
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t15.baidu.com/it/u=4252674505
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t8.baidu.com/it/u=1090988899
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=15482359
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=2109628096
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=2330579128
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t9.baidu.com/it/u=989233051
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f/good?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&tpl=5
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&loc=rec&tids=7523245716
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&loc=rec
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/f?kw=%B1%B1%BE%A9%CA%B1%BC%E4&fr=ala0&tpl=5&dyTabStr=MCwyLDYsMSwzLDQsNSw4LDc
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/6059460842?fr=ala0&pstaala=3&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/6059460842?fr=ala0&pstaala=3&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7107775513?fr=ala0&pstaala=2&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7107775513?fr=ala0&pstaala=2&tpl=5&fid=26185
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7523245716?fr=ala0&pstaala=1&tpl=5&fid=26185&isgod=0
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/p/7523245716?fr=ala0&pstaala=1&tpl=5&fid=26185&isgod=0
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tieba.baidu.com/photo/g?kw=%B1%B1%BE%A9%CA%B1%BC%E4&tab=photo&fr=ala0&tpl=5
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://top.baidu.com/board
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://top.baidu.com/board?platform=pc&sa=pcindex_a_right
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://voice.baidu.com/act/newpneumonia/newpneumonia/?from=osari_pc_1
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidD
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidDV
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com
Source: Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10817109933923495798&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10900093220409163140&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11014826227946934943&ak=c27bbc89
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11345311754935230420&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11422619168985338296&ak=c27bbc89
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12001227830495893174&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12007799619952368652&ak=c27bbc89
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=9671504690642123133&ak=c27bbc89a
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10783666990159526525&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10817109933923495798&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.509869007.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=10900093220409163140&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11014826227946934943&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11345311754935230420&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.511584234.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11422619168985338296&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11778876901265594924&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11965745417723271228&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=11975472745576054740&ak=c27bbc89afca0463
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12001227830495893174&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=12007799619952368652&ak=c27bbc89afca0463
Source: Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=9020643541988371491&ak=c27bbc89afca04636
Source: Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/captcha/tuxing.html?&logid=9671504690642123133&ak=c27bbc89afca04636
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.com/static/machine/js/api/mkd.js
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comP
Source: Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comPz
Source: Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comt
Source: Fly.exe, 0000000A.00000002.511004088.000000000301C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comx
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wappass.baidu.comx&
Source: Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/V
Source: Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/Z
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/aj/static/publications_license.html
Source: Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/jiushixiao
Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.517039190.0000000008B6C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.518525473.000000000BD07000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383723518.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383883120.0000000007173000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000003.383872206.000000000716C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.516578396.000000000BBEB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513566864.0000000007178000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.507715684.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, visitor[1].htm.0.dr, visitor[1].htm.10.dr	String found in binary or memory: https://weibo.com/login.php
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/n/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/n/%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/n/V
Source: Fly.exe, 0000000A.00000002.511110891.000000000303C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/sorry?sysbusy
Source: Fly.exe, 0000000A.00000002.512930441.0000000005ACD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/u/5389
Source: visitor[1].htm.10.dr	String found in binary or memory: https://weibo.com/u/5389088204
Source: Fly.exe, 0000000A.00000002.515791261.000000000B904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/u/5389088204:
Source: Fly.exe, 00000000.00000002.520004513.000000000BEAC000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.515791261.000000000B904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/u/5389088204https://weibo.com/login.php6
Source: Fly.exe, 00000000.00000002.509347625.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509909089.0000000002E17000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509300191.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.comx&
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.12377.cn/
Source: Fly.exe, 00000000.00000002.509645848.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509202528.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509999335.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510613788.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509236637.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511210615.0000000003074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/favicon.ico
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509541573.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.509719269.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510732555.0000000002FAE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511769677.0000000003152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/img/baidu.svg
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?&wd=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?rtt=1&bsst=1&cl=2&tn=news&ie=utf-8&word=%E5%8C%97%E4%BA%
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/s?rtt=1&bsst=1&cl=2&tn=news&ie=utf-8&word=%E5%8C%97%E4%BA%AC%E6%97%B6%E9%97%B4
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/search/error.html
Source: Fly.exe, 00000000.00000002.510915770.0000000002F8A000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511048111.0000000002FB3000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.510103278.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511321251.0000000003097000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.511685187.0000000003131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comH
Source: Fly.exe, 00000000.00000002.510664977.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comHNq
Source: Fly.exe, 00000000.00000002.510380512.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comHb
Source: Fly.exe, 00000000.00000002.511142197.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comHj
Source: Fly.exe, 0000000A.00000002.510891973.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comH~$
Source: Fly.exe, 00000000.00000002.508378594.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509777214.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.509052765.0000000002D35000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.508428294.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.comx&
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/US/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/jb.html
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/riqi.htm
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/shizhong.html
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/time15.asp
Source: Fly.exe, 00000000.00000002.513292849.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.beijing-time.org/worldtime.htm
Source: Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.btime.com/
Source: Fly.exe, 00000000.00000002.511360129.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.512971794.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hao123.com
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521440243.000000000E5D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/-
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys//
Source: Fly.exe, 0000000A.00000002.520983510.000000000D840000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/Bmu0
Source: Fly.exe, 0000000A.00000002.521440243.000000000E5D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/D
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/E
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/G
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/U
Source: Fly.exe, 00000000.00000002.521984222.000000000C3D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/c
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/de
Source: Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/e
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 00000000.00000002.582590759.000000000ECC7000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.521489573.000000000E5D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/rs
Source: Fly.exe, 00000000.00000003.324600279.000000000ECC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/rss

Source: C:\Users\user\Desktop\Fly.exe

Code function: 0_2_00A9A09A recv,

0_2_00A9A09A

Installs a global mouse hook

Source: C:\Users\user\Desktop\Fly.exe

Windows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dll

Jump to behavior

Uses 32bit PE files

Source: Fly.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Detected potential crypto function

Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04C40070	0_2_04C40070
Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04C40CF8	0_2_04C40CF8
Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04C40CE6	0_2_04C40CE6
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_02850070	10_2_02850070
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_02850CF8	10_2_02850CF8
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_02850CE6	10_2_02850CE6

Sample file is different than original file name gathered from version info

Source: Fly.exe, 00000000.00000002.514408829.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamejscript9.dll.muiD vs Fly.exe
Source: Fly.exe, 00000000.00000000.241103349.0000000000476000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameFlyWorldR.exe4 vs Fly.exe
Source: Fly.exe, 00000000.00000000.240963626.0000000000385000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMicrosoft4 vs Fly.exe
Source: Fly.exe, 00000000.00000000.240854863.0000000000282000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMicrosoft4 vs Fly.exe
Source: Fly.exe	Binary or memory string: OriginalFilenameMicrosoft4 vs Fly.exe
Source: Fly.exe	Binary or memory string: OriginalFilenameFlyWorldR.exe4 vs Fly.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\Fly.exe	Section loaded: security.dll			Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: security.dll			Jump to behavior

Source: Fly.exe	ReversingLabs: Detection: 76%
Source: Fly.exe	Virustotal: Detection: 60%

Source: Fly.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Fly.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Fly.exe C:\Users\user\Desktop\Fly.exe
Source: unknown	Process created: C:\Users\user\Desktop\Fly.exe "C:\Users\user\Desktop\Fly.exe"

Source: C:\Users\user\Desktop\Fly.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04D05E1A AdjustTokenPrivileges,	0_2_04D05E1A
Source: C:\Users\user\Desktop\Fly.exe	Code function: 0_2_04D05DE3 AdjustTokenPrivileges,	0_2_04D05DE3
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_04E65B52 AdjustTokenPrivileges,	10_2_04E65B52
Source: C:\Users\user\Desktop\Fly.exe	Code function: 10_2_04E65B1B AdjustTokenPrivileges,	10_2_04E65B1B

Source: C:\Users\user\Desktop\Fly.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4

Jump to behavior

Source: classification engine

Classification label: mal64.troj.winEXE@2/7@0/11

Source: Fly.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.51%
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe	Mutant created: \Sessions\1\BaseNamedObjects\StreamBaby_NewForm
Source: C:\Users\user\Desktop\Fly.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: Fly.exe, SymmetricMethod.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.Fly.exe.280000.0.unpack, SymmetricMethod.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Fly.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: Fly.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: C:\Users\user\Desktop\Fly.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Fly.exe

Static file information: File size 2102272 > 1048576

Source: Fly.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Fly.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1fe400

Source: Fly.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Fly.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdbX source: Fly.exe
Source:	Binary string: \streambaby\trunk\StreamBaby\obj\x86\Debug\Fly.pdb source: Fly.exe
Source:	Binary string: d:\code\other\StreamBaby20151029\FlyWorldR\obj\x86\Debug\FlyWorldR.pdb source: Fly.exe

Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Fly.exe TID: 5124	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 5124	Thread sleep time: -172800000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 4148	Thread sleep time: -9600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 4744	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 1260	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 1260	Thread sleep time: -172800000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe TID: 912	Thread sleep time: -6000000s >= -30000s	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\Fly.exe

Last function: Thread delayed

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Code function: 0_2_04D04642 GetSystemInfo,

0_2_04D04642

Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 86400000	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Thread delayed: delay time: 1200000	Jump to behavior

Source: Fly.exe, 0000000A.00000002.507633512.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWom
Source: Fly.exe, 00000000.00000002.516596341.0000000008ADE000.00000004.00000800.00020000.00000000.sdmp, Fly.exe, 0000000A.00000002.513138324.00000000070BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Enables debug privileges

Source: C:\Users\user\Desktop\Fly.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\SysWOW64\Macromed\Flash\activex.vch VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Windows\SysWOW64\Macromed\Flash\activex.vch VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fly.exe	Queries volume information: C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Fly.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	752938
Product:	CloudBasic
Start time:	03:27:07
Start date:	24.11.2022
Sample:	Fly.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	b84de037868a4478d8fd2aa4eadab1ae
SHA1:	0c42d5822185a1183a8c7a25c301e80fbdf12033
SHA256:	47befc5c8d57f2b9b6da77ae1567b70d0603203b1de990392028b95b99783836
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.51%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\J1LNPTFW\passport.weibo[1].xml	ASCII text, with no line terminators	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\visitor[1].htm	HTML document, ISO-8859 text	3FDEE4FD400E3A39074F25D347A7B258	A4E8E74A947E744E012C2FE79E8D21CF26296BEF	F18458496154601DF7489073BB69EDC4C88DD9FBA42E375D9C19180CA71C040B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fonts[1].swf	Macromedia Flash data (compressed), version 10	7F755FE4C328A5A10F6BA722BB4CED60	72911F14F0B485F816B715949EDE89AC191A8855	BC09B9E08DE61043A9912B8EA27810501D93E8D0F4DC115FD93F4F19CE9BA1BE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mini_original[1].js	Unicode text, UTF-8 text, with very long lines (393), with CRLF line terminators	F6942A9D74452895CDB5BD0E72BE6F37	9D56E054A8314E52FEA3CB3B1CFC0554E3A92D89	A0DE06B1A50F1CF999F00E6DABEC9D75BD5672AE7EB683950D5AF23EB4456378
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\visitor[1].htm	HTML document, ISO-8859 text	3FDEE4FD400E3A39074F25D347A7B258	A4E8E74A947E744E012C2FE79E8D21CF26296BEF	F18458496154601DF7489073BB69EDC4C88DD9FBA42E375D9C19180CA71C040B
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (copy)	data	A31CC6F4190C1C1D64BDD6B361AD6836	AABC49A552E57A005A066D33B3660AAA9CDF7CFF	64C0D4D8246BB412D9A7EDA891D5E609714E32FC1A222489479AABCF25F02AD3
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx	data	A31CC6F4190C1C1D64BDD6B361AD6836	AABC49A552E57A005A066D33B3660AAA9CDF7CFF	64C0D4D8246BB412D9A7EDA891D5E609714E32FC1A222489479AABCF25F02AD3

Windows Analysis Report
Fly.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report Fly.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report
Fly.exe