Loading ...

Play interactive tourEdit tour

Analysis Report sample.exe.exe

Overview

General Information

Sample Name:sample.exe.exe
Analysis ID:379239
MD5:ecbc4b40dcfec4ed1b2647b217da0441
SHA1:e08eb07c69d8fc8e75927597767288a21d6ed7f6
SHA256:878d5137e0c9a072c83c596b4e80f2aa52a8580ef214e5ba0d59daa5036a92f8
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Emotet
Changes security center settings (notifications, updates, antivirus, firewall)
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Found large amount of non-executed APIs
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification

Startup

  • System is w10x64
  • sample.exe.exe (PID: 4724 cmdline: 'C:\Users\user\Desktop\sample.exe.exe' MD5: ECBC4B40DCFEC4ED1B2647B217DA0441)
    • sample.exe.exe (PID: 772 cmdline: C:\Users\user\Desktop\sample.exe.exe MD5: ECBC4B40DCFEC4ED1B2647B217DA0441)
  • svchost.exe (PID: 3980 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • videowlan.exe (PID: 580 cmdline: C:\Windows\SysWOW64\videowlan.exe MD5: ECBC4B40DCFEC4ED1B2647B217DA0441)
    • videowlan.exe (PID: 5296 cmdline: C:\Windows\SysWOW64\videowlan.exe MD5: ECBC4B40DCFEC4ED1B2647B217DA0441)
  • svchost.exe (PID: 1748 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5848 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6020 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6096 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5480 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4904 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3012 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 5468 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 5448 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 7064 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6224 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5008 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6640 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6752 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wisvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
sample.exe.exeJoeSecurity_EmotetYara detected EmotetJoe Security
    sample.exe.exeEmotetEmotet Payloadkevoreilly
    • 0x16f0:$snippet1: FF 15 F8 C1 40 00 83 C4 0C 68 40 00 00 F0 6A 18
    • 0x1732:$snippet2: 6A 13 68 01 00 01 00 FF 15 C4 C0 40 00 85 C0

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000003.00000000.202634160.0000000000C51000.00000020.00020000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
      00000003.00000002.204575479.0000000000C51000.00000020.00020000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
        00000004.00000000.204137551.0000000000C51000.00000020.00020000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
          00000001.00000002.204686591.0000000000C51000.00000020.00020000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
            00000000.00000002.197198753.0000000000C51000.00000020.00020000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
              Click to see the 3 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              4.2.videowlan.exe.c50000.0.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                4.2.videowlan.exe.c50000.0.unpackEmotetEmotet Payloadkevoreilly
                • 0x16f0:$snippet1: FF 15 F8 C1 C5 00 83 C4 0C 68 40 00 00 F0 6A 18
                • 0x1732:$snippet2: 6A 13 68 01 00 01 00 FF 15 C4 C0 C5 00 85 C0
                1.2.sample.exe.exe.c50000.0.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                  1.2.sample.exe.exe.c50000.0.unpackEmotetEmotet Payloadkevoreilly
                  • 0x16f0:$snippet1: FF 15 F8 C1 C5 00 83 C4 0C 68 40 00 00 F0 6A 18
                  • 0x1732:$snippet2: 6A 13 68 01 00 01 00 FF 15 C4 C0 C5 00 85 C0
                  4.0.videowlan.exe.c50000.0.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                    Click to see the 11 entries

                    Sigma Overview

                    No Sigma rule has matched

                    Signature Overview

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection:

                    barindex
                    Antivirus / Scanner detection for submitted sampleShow sources
                    Source: sample.exe.exeAvira: detected
                    Multi AV Scanner detection for submitted fileShow sources
                    Source: sample.exe.exeVirustotal: Detection: 78%Perma Link
                    Source: sample.exe.exeReversingLabs: Detection: 96%
                    Machine Learning detection for sampleShow sources
                    Source: sample.exe.exeJoe Sandbox ML: detected
                    Source: sample.exe.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                    Source: unknownHTTPS traffic detected: 167.114.153.153:443 -> 192.168.2.3:49752 version: TLS 1.2
                    Source: sample.exe.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Source: global trafficTCP traffic: 192.168.2.3:49725 -> 193.169.54.12:8080
                    Source: global trafficTCP traffic: 192.168.2.3:49737 -> 173.230.145.224:8080
                    Source: global trafficTCP traffic: 192.168.2.3:49740 -> 80.86.91.232:7080
                    Source: global trafficTCP traffic: 192.168.2.3:49753 -> 80.82.115.164:4143
                    Source: global trafficTCP traffic: 192.168.2.3:49754 -> 71.244.60.231:4143
                    Source: global trafficTCP traffic: 192.168.2.3:49760 -> 186.103.199.252:4143
                    Source: global trafficTCP traffic: 192.168.2.3:49762 -> 159.203.94.198:4143
                    Source: Joe Sandbox ViewIP Address: 178.62.39.238 178.62.39.238
                    Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 79.172.249.82:443Content-Length: 436Connection: Keep-AliveCache-Control: no-cacheData Raw: 7b 60 06 d1 44 a5 d6 e2 88 48 bf 43 38 5e e0 29 73 bc 94 ef 47 0e 26 50 73 f5 61 5e 1e fd ab c1 56 bb 26 46 4e bc a8 10 ae 67 12 4d 61 10 96 f7 9c 41 c4 71 4b 45 b0 27 b0 1d c3 d3 30 10 09 05 6c 57 7b c7 15 3e d8 72 b4 68 52 84 30 29 f3 d0 31 24 2f 16 54 8b 91 c3 8b 3b bc 0a 1b 1c ea 1d 69 cc ed 4f dd dd 75 7b 53 72 de 1a fe be 9a 32 49 68 da 46 5d 1b 5d 0b b4 b0 0b ca 0a 2e 91 5e d6 f1 2f f3 9e 5f 4d 3c 1d c2 e8 8f f0 e6 f1 cd c2 38 65 20 25 cc e3 2f 79 9e be 9c 0b b0 5a 77 9f 2d f8 f3 6b 14 41 a1 37 d9 ea 08 fe 01 53 94 98 35 d9 ae aa c9 7f ba 46 11 8d 4d 42 c2 d0 35 31 1d 11 e3 ef c1 e4 b1 2a 5e 52 2e 46 a1 2a 23 84 2c 3e 31 ff eb 6f f0 6c 89 46 28 5a c9 87 0d c7 05 74 29 52 f2 ac 3a 76 ca 32 37 b4 0f ec 2d df 3d bf 54 be 3a 03 fd c8 90 f8 09 15 0d 9f 8f 77 2d 93 58 c1 c8 b4 33 7f cc de 29 37 2f 26 f5 ca 2b d0 5d d8 dc f5 09 73 66 4d 68 0d d6 10 f1 50 56 df 5c 25 29 f2 7b e0 54 04 c9 36 88 07 b8 9d 4c d4 dc 64 c9 be e4 33 40 40 41 7b 0a 62 15 e0 ad 48 a7 85 ee bc 6b 25 93 dd a5 5e 68 d5 ea cb 1f 96 23 96 d1 66 1e af a7 d6 38 35 b5 a2 67 af 72 c4 00 16 5f 75 ad 1a 58 61 49 4b 2d f5 1f 9b 12 b6 14 2b cd 47 01 53 51 a8 18 a2 be 3c f2 b6 cb 11 7d 23 f5 0a b7 59 d2 c8 9f a3 0e 7d bf c0 e4 0f af a2 4d 48 e3 df 84 ce 33 f5 9e 92 eb 7b 30 0e c0 f6 d6 24 27 e1 a5 4f f6 0b 46 7c 59 26 73 68 1f Data Ascii: {`DHC8^)sG&Psa^V&FNgMaAqKE'0lW{>rhR0)1$/T;iOu{Sr2IhF]].^/_M<8e %/yZw-kA7S5FMB51*^R.F*#,>1olF(Zt)R:v27-=T:w-X3)7/&+]sfMhPV\%){T6Ld3@@A{bHk%^h#f85gr_uXaIK-+GSQ<}#Y}MH3{0$'OF|Y&sh
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 167.114.153.153Content-Length: 452Connection: Keep-AliveCache-Control: no-cacheData Raw: 51 a6 7d 82 5d 0e c0 4e ed 0c 27 aa 8c 7b f7 0e 82 df 35 5e 05 91 ba 3e f3 2f 98 65 aa a6 22 0c bf 53 c7 96 fd 6d fe c4 ea c5 9a b0 0b 17 15 eb e2 d0 4d 9d a3 9c 56 e1 39 12 7d 7a 1e 34 6c 4a 71 46 e5 e2 cd 79 b2 55 89 93 92 1b fd 1b d2 0d 4a 67 08 57 2e 12 90 eb 9c 38 64 10 e1 2d 72 7d 75 3c 65 2a ac 7a 11 96 d0 d7 25 4f 26 3d d3 61 b8 11 e2 c8 2c a4 5d f9 e7 94 f8 fb aa f7 b4 9d 12 6d c0 6f cf 5b 84 da bd 22 88 13 c5 21 16 dc b1 08 ef eb 39 b3 2d 41 42 89 72 6e 43 83 fe 73 95 72 34 4c 3b 1c 02 7e e9 c6 51 49 a7 98 d1 33 c9 c8 d1 f1 15 65 bc 99 13 40 01 27 b0 55 f9 c1 28 6c ab 21 ae e1 3b 57 64 0f 23 9a 9f 0d 48 0d de 7f ac e1 b1 ea 2a fb 6b 08 b2 70 95 e7 43 e8 dc 1d 60 c5 e2 c0 24 ac 78 dd b7 50 f8 3f 7d fc 2d ed 11 1e 8f 5a e1 95 f9 c2 81 b8 ca b5 75 d1 75 28 c7 3b 73 fb 41 44 b9 5e a5 b8 88 24 cd 23 12 bc c5 00 a6 78 f8 0d b3 2f c1 4e 29 b1 65 95 b9 f8 5e a2 e5 83 49 b0 89 c8 81 c5 d9 4f 36 3f b5 c9 86 e9 f6 18 49 d7 3f bb f8 06 ff 12 5e 3b cd 7b 09 93 52 1b 11 bc ff 6a cc 6f af 13 3f 41 74 c2 70 a0 2f b6 93 f6 e4 0c d3 62 ab 2d 69 ab d0 27 b9 da 54 9e 97 ab 66 9a 25 a5 04 14 c9 11 f4 da 9a 6c 78 fd dc 88 0d 98 af ee 07 15 0a 88 13 80 1b 0f fe 88 d5 5f a7 db 58 26 49 50 b3 a3 48 38 57 02 3d 22 3e bc 6f d9 14 7d 3a 8e 97 a3 fc 0a cc f9 c5 9b 97 64 78 7a 9f 99 5d e9 d3 36 12 ce a9 56 31 4f 61 d7 22 47 f3 d3 c0 76 2f 9d 0d 23 d8 2d Data Ascii: Q}]N'{5^>/e"SmMV9}z4lJqFyUJgW.8d-r}u<e*z%O&=a,]mo["!9-ABrnCsr4L;~QI3e@'U(l!;Wd#H*kpC`$xP?}-Zuu(;sAD^$#x/N)e^IO6?I?^;{Rjo?Atp/b-i'Tf%lx_X&IPH8W=">o}:dxz]6V1Oa"Gv/#-
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 178.62.39.238:443Content-Length: 420Connection: Keep-AliveCache-Control: no-cacheData Raw: 36 87 63 be ab 4d 11 9a 8d e5 ae 30 8f 03 f4 ed 2f b2 5d 71 22 94 08 55 72 b7 23 60 88 82 58 bc a5 a1 a6 ee 67 d2 b9 c7 a2 75 f2 be 20 ca 5a 1e 72 3c 32 34 49 9d 8d da b0 c4 17 29 6f bc 3b 25 bc f6 35 5b ac b1 1d 6e 5b 72 e1 b7 d0 ff 24 e6 66 d1 eb cc 8c 4c 48 04 bd bb ba c7 c0 50 2a c3 a1 a8 07 ed 2d ee 36 10 7c eb 4f 94 bf 3c f3 2c d7 e8 47 38 6b 1b c7 40 e9 fb 6b d4 06 8f 17 7d 79 88 fa 04 3e 43 80 05 27 64 f8 f2 e9 a3 99 78 20 22 d9 d8 02 c0 c8 8a 3c ec 72 2e 24 da dc cc 73 b9 0e c1 04 e4 2c 14 cd 78 4d 80 15 7d 40 93 36 64 45 bc ca b8 3b 36 30 3c 75 a4 32 e3 13 b0 6d 96 66 c3 6b 3d 83 27 9b ce 35 cc bf 7d 45 c6 68 8b 68 22 af be f7 21 32 3a f1 4d 77 c3 eb 49 51 d4 5d c4 c3 43 3d af 25 8a d2 9e 0b 5e 62 b8 23 96 52 87 ab 9f 99 76 c3 4c ca 04 8e 13 76 97 66 df 65 e3 e3 30 00 26 0d 50 4b 07 9d fe 28 0e d7 90 e4 88 18 54 af c8 99 cc a4 b7 55 2d bf 8f 74 3b cf 2a 29 c2 62 81 51 a3 85 7e 7f 38 9f 93 b1 48 03 7c be ac d5 d3 13 4e a3 2e 84 20 79 8e 43 13 3e 3e 6e 5b d3 eb 66 66 e8 4f 31 60 ae a1 ab 63 a2 0f 95 f1 e9 eb ae 2f 88 89 62 81 e1 a3 1d 7f 68 60 bc c7 90 b7 6a de a4 42 bb 93 e5 18 93 e7 3a 23 ea 68 67 9a 45 03 40 44 d8 65 22 c5 70 3a b0 a9 80 0e f3 ba 6d ec 58 94 57 e6 b3 34 c0 07 4a 52 e6 20 83 d1 99 36 a7 a7 d1 34 31 7d 40 3d d7 36 Data Ascii: 6cM0/]q"Ur#`Xgu Zr<24I)o;%5[n[r$fLHP*-6|O<,G8k@k}y>C'dx "<r.$s,xM}@6dE;60<u2mfk='5}Ehh"!2:MwIQ]C=%^b#RvLvfe0&PK(TU-t;*)bQ~8H|N. yC>>n[ffO1`c/bh`jB:#hgE@De"p:mXW4JR 641}@=6
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 79.172.249.82:443Content-Length: 420Connection: Keep-AliveCache-Control: no-cacheData Raw: 58 bc bb 04 e4 14 85 db 8c 7d 08 8e 27 65 5d 4e ae 1d 58 2d 51 a0 e8 a4 83 99 e8 9c 62 6c 71 ae 52 f9 a7 e8 7f f9 52 42 f9 0b 1e 03 0a 56 0b d2 6c 61 13 e2 2b 87 b8 ea 61 49 e7 e5 44 33 c5 ea 43 e4 55 ce 23 77 f9 5e 6e e1 8d f9 d3 3e 2a 9d 10 59 db 1c 3f f6 8d 2f e6 5e d3 09 3b 57 e1 20 ee b6 a0 61 fe ea cf ce 03 d7 a4 7f f7 45 3f 1c 86 88 e0 d6 22 20 45 81 8b 0e 03 d3 89 c7 2b 44 97 26 68 dd 44 44 73 01 b1 b5 57 b3 54 ad 1a 56 4c 6a f3 86 be c6 9a 3a f5 56 6a 17 7b 5d ac 2a 33 32 75 dd 41 eb ac 2d 0d 23 87 b6 c1 71 4e 0b 80 be c4 92 e6 2b 3c e3 9e ab e4 5b 83 da b6 9e 77 cc 49 48 6a 4b 2c fb d2 da d0 12 89 32 5f 6e 18 c7 e6 3a 3f 37 5c 7b ed 2c 00 c2 30 2c f8 e7 6c 5e 39 de eb 91 13 35 04 f2 80 37 7b f9 7f 96 8d 8c e3 ee 42 97 bb 5f 8c ee 3b 2f 6e 10 a2 6c 66 38 df c4 29 70 ba 0c 7e 25 d6 67 a2 82 4c 90 30 5a 7b 98 cd 64 a3 d3 f7 d3 83 22 cb 4b fe c2 fc 9e 2f a7 6f 38 a4 1d e4 9c 6b 2f 49 d8 15 0e 05 d7 53 a1 fc 04 44 3b 73 19 87 c6 26 0b 95 fb 9a e4 0b 36 06 17 e2 fc f9 0c f8 eb 15 93 3a ea da e8 b3 2e b8 ad 00 c7 13 70 ef 87 26 3a 94 b2 e8 fa 54 95 d7 6a 9e f0 15 2a 51 37 eb e5 06 ad e7 9b 7b 89 1e 60 c4 10 69 e6 90 25 f1 d5 b3 5e 9e a3 ca 70 52 60 32 6c 0c ad b6 a3 a3 83 c6 08 f0 bc 0c 19 53 a7 80 31 ef 10 00 27 e4 33 7e 8a d0 65 f2 f3 Data Ascii: X}'e]NX-QblqRRBVla+aID3CU#w^n>*Y?/^;W aE?" E+D&hDDsWTVLj:Vj{]*32uA-#qN+<[wIHjK,2_n:?7\{,0,l^957{B_;/nlf8)p~%gL0Z{d"K/o8k/ISD;s&6:.p&:Tj*Q7{`i%^pR`2lS1'3~e
                    Source: unknownTCP traffic detected without corresponding DNS query: 79.172.249.82
                    Source: unknownTCP traffic detected without corresponding DNS query: 79.172.249.82
                    Source: unknownTCP traffic detected without corresponding DNS query: 79.172.249.82
                    Source: unknownTCP traffic detected without corresponding DNS query: 79.172.249.82
                    Source: unknownTCP traffic detected without corresponding DNS query: 79.172.249.82
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.169.54.12
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.169.54.12
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.169.54.12
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.230.145.224
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.230.145.224
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.230.145.224
                    Source: unknownTCP traffic detected without corresponding DNS query: 80.86.91.232
                    Source: unknownTCP traffic detected without corresponding DNS query: 80.86.91.232
                    Source: unknownTCP traffic detected without corresponding DNS query: 80.86.91.232
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 80.82.115.164
                    Source: unknownTCP traffic detected without corresponding DNS query: 80.82.115.164
                    Source: unknownTCP traffic detected without corresponding DNS query: 80.82.115.164
                    Source: unknownTCP traffic detected without corresponding DNS query: 167.114.153.153
                    Source: unknownTCP traffic detected without corresponding DNS query: 71.244.60.231
                    Source: unknownTCP traffic detected without corresponding DNS query: 71.244.60.231
                    Source: unknownTCP traffic detected without corresponding DNS query: 71.244.60.231
                    Source: unknownTCP traffic detected without corresponding DNS query: 186.103.199.252
                    Source: unknownTCP traffic detected without corresponding DNS query: 186.103.199.252
                    Source: unknownTCP traffic detected without corresponding DNS query: 186.103.199.252
                    Source: unknownTCP traffic detected without corresponding DNS query: 37.187.4.178
                    Source: unknownTCP traffic detected without corresponding DNS query: 37.187.4.178
                    Source: unknownTCP traffic detected without corresponding DNS query: 37.187.4.178
                    Source: unknownTCP traffic detected without corresponding DNS query: 159.203.94.198
                    Source: unknownTCP traffic detected without corresponding DNS query: 159.203.94.198
                    Source: unknownTCP traffic detected without corresponding DNS query: 159.203.94.198
                    Source: unknownTCP traffic detected without corresponding DNS query: 178.62.39.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 178.62.39.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 178.62.39.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 178.62.39.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 178.62.39.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 178.62.39.238
                    Source: svchost.exe, 00000021.00000003.571037880.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI", equals www.facebook.com (Facebook)
                    Source: svchost.exe, 00000021.00000003.571037880.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI", equals www.twitter.com (Twitter)
                    Source: svchost.exe, 00000021.00000003.571037880.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-03-30T14:41:57.9016760Z||.||a2c1be1c-1f7b-4188-b36e-f57b9066932b||1152921505693336001||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
                    Source: svchost.exe, 00000021.00000003.571037880.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-03-30T14:41:57.9016760Z||.||a2c1be1c-1f7b-4188-b36e-f57b9066932b||1152921505693336001||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
                    Source: svchost.exe, 00000021.00000003.571037880.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI",7 equals www.facebook.com (Facebook)
                    Source: svchost.exe, 00000021.00000003.571037880.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI",7 equals www.twitter.com (Twitter)
                    Source: svchost.exe, 00000021.00000003.571125812.000001AB9EF72000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify Music","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE equals www.facebook.com (Facebook)
                    Source: svchost.exe, 00000021.00000003.571125812.000001AB9EF72000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify Music","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE equals www.twitter.com (Twitter)
                    Source: svchost.exe, 00000021.00000003.564325045.000001AB9EF73000.00000004.00000001.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-03-15T21:09:58.8377117Z||.||1ad32855-590c-405c-8d49-1a557bf58211||1152921505693277189||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2021-03-15T21:09:05.1816176Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e6c"},{"IdType":"XboxTitleId","Value":"2124184622"}],"IngestionSourc
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e6c"},{"IdType":"XboxTitleId","Value":"2124184622"}],"IngestionSourc
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e6c"},{"IdType":"XboxTitleId","Value":"2124184622"}],"IngestionSourc
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","SkuTitle":"Hidden City: Hidden Object Adventure","Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NBLGGH6J6VK","Properties":{"FulfillmentData":{"ProductId":"9NBLGGH6J6VK","WuCategoryId":"e15668ee-9cc1-4bc2-ba76-e91eb1a11e95","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","SkuId":"0011"},"FulfillmentType":null,"FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x86"],"Capabilities":["internetClient"],"ExperienceIds":[],"MaxDownloadSizeInBytes":507060394,"PackageFormat":"EAppxBundle","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","MainPackageFamilyNameForDlc":null,"PackageFullName":"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_neutral_~_ytsefhwckbdv6","PackageId":"448e913e-e6bd-69c2-2c7f-25b80795f801-X86","PackageRank":30011,"PlatformDependencies":[{"MaxTested":2814750931222528,"MinVersion":2814750438195200,"PlatformName":"Windows.Xbox"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_x86__ytsefhwckbdv6\"],\"content.isMain\":false,\"content.packageId\":\"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_neutral_~_ytsefhwckbdv6\",\"content.productId\":\"94ad5279-e84a-4d40-b7cf-c6f16f916e6c\",\"content.targetPlatforms\":[{\"platf
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","SkuTitle":"Hidden City: Hidden Object Adventure","Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NBLGGH6J6VK","Properties":{"FulfillmentData":{"ProductId":"9NBLGGH6J6VK","WuCategoryId":"e15668ee-9cc1-4bc2-ba76-e91eb1a11e95","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","SkuId":"0011"},"FulfillmentType":null,"FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x86"],"Capabilities":["internetClient"],"ExperienceIds":[],"MaxDownloadSizeInBytes":507060394,"PackageFormat":"EAppxBundle","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","MainPackageFamilyNameForDlc":null,"PackageFullName":"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_neutral_~_ytsefhwckbdv6","PackageId":"448e913e-e6bd-69c2-2c7f-25b80795f801-X86","PackageRank":30011,"PlatformDependencies":[{"MaxTested":2814750931222528,"MinVersion":2814750438195200,"PlatformName":"Windows.Xbox"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_x86__ytsefhwckbdv6\"],\"content.isMain\":false,\"content.packageId\":\"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_neutral_~_ytsefhwckbdv6\",\"content.productId\":\"94ad5279-e84a-4d40-b7cf-c6f16f916e6c\",\"content.targetPlatforms\":[{\"platf
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: !\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","SkuTitle":"Hidden City: Hidden Object Adventure","Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NBLGGH6J6VK","Properties":{"FulfillmentData":{"ProductId":"9NBLGGH6J6VK","WuCategoryId":"e15668ee-9cc1-4bc2-ba76-e91eb1a11e95","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","SkuId":"0011"},"FulfillmentType":null,"FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x86"],"Capabilities":["internetClient"],"ExperienceIds":[],"MaxDownloadSizeInBytes":507060394,"PackageFormat":"EAppxBundle","PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","MainPackageFamilyNameForDlc":null,"PackageFullName":"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_neutral_~_ytsefhwckbdv6","PackageId":"448e913e-e6bd-69c2-2c7f-25b80795f801-X86","PackageRank":30011,"PlatformDependencies":[{"MaxTested":2814750931222528,"MinVersion":2814750438195200,"PlatformName":"Windows.Xbox"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_x86__ytsefhwckbdv6\"],\"content.isMain\":false,\"content.packageId\":\"828B5831.HiddenCityMysteryofShadows_1.40.4001.70_neutral_~_ytsefhwckbdv6\",\"content.productId\":\"94ad5279-e84a-4d40-b7cf-c6f16f916e6c\",\"content.targetPlatforms\":[{\"platf
                    Source: svchost.exe, 00000021.00000003.561249229.000001AB9EFA8000.00000004.00000001.sdmpString found in binary or memory: % Regular free updates with loads of new content\r\n____________________________ \r\n\r\nGame available in: English, French, Italian, German, Spanish, Portuguese, Brazilian Portuguese, Russian, Korean, Simplified Chinese, Traditional Chinese, Japanese, Arabic\r\n____________________________ \r\n\r\nSign up now for a weekly round-up of the best from G5 Games! www.g5e.com/e-mail\r\n____________________________ \r\n\r\nG5 Games - World of Adventures"!!\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName
                    Source: svchost.exe, 00000021.00000003.561249229.000001AB9EFA8000.00000004.00000001.sdmpString found in binary or memory: % Regular free updates with loads of new content\r\n____________________________ \r\n\r\nGame available in: English, French, Italian, German, Spanish, Portuguese, Brazilian Portuguese, Russian, Korean, Simplified Chinese, Traditional Chinese, Japanese, Arabic\r\n____________________________ \r\n\r\nSign up now for a weekly round-up of the best from G5 Games! www.g5e.com/e-mail\r\n____________________________ \r\n\r\nG5 Games - World of Adventures"!!\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName
                    Source: svchost.exe, 00000021.00000003.561249229.000001AB9EFA8000.00000004.00000001.sdmpString found in binary or memory: % Regular free updates with loads of new content\r\n____________________________ \r\n\r\nGame available in: English, French, Italian, German, Spanish, Portuguese, Brazilian Portuguese, Russian, Korean, Simplified Chinese, Traditional Chinese, Japanese, Arabic\r\n____________________________ \r\n\r\nSign up now for a weekly round-up of the best from G5 Games! www.g5e.com/e-mail\r\n____________________________ \r\n\r\nG5 Games - World of Adventures"!!\r\nCollect them all! Search for \"g5\" in Windows Store! \r\n____________________________\r\n\r\nVISIT US: www.g5e.com\r\nWATCH US: www.youtube.com/g5enter\r\nFIND US: www.facebook.com/HiddenCityGame\r\nJOIN US: https://instagram.com/hiddencity_\r\nFOLLOW US: www.twitter.com/g5games\r\nTerms of Service: http://www.g5e.com/termsofservice \r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName
                    Source: svchost.exe, 00000021.00000003.564393869.000001AB9EF1F000.00000004.00000001.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-03-15T21:09:58.8377117Z||.||1ad32855-590c-405c-8d49-1a557bf58211||1152921505693277189||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2021-03-15T21:09:05.1816176Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
                    Source: svchost.exe, 00000021.00000003.564189314.000001AB9EF62000.00000004.00000001.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-03-15T21:09:58.8377117Z||.||1ad32855-590c-405c-8d49-1a557bf58211||1152921505693277189||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2021-03-15T21:09:05.1816176Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
                    Source: svchost.exe, 00000021.00000003.564393869.000001AB9EF1F000.00000004.00000001.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","SkuTitle":"Messenger","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9WZDNCRF0083","Properties":{"FulfillmentData":{"ProductId":"9WZDNCRF0083","WuCategoryId":"c6a9fa5c-20a2-4e12-904d-edd408657dc8","PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","SkuId":"0010"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"App"}],"Architectures":["x64"],"Capabilities":["runFullTrust","internetClient","Microsoft.storeFilter.core.notSupported_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":137845484,"PackageFormat":"Appx","PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","MainPackageFamilyNameForDlc":null,"PackageFullName":"FACEBOOK.317180B0BB486_950.7.118.0_x64__8xx8rvfyw5nnt","PackageId":"9f0b5036-3839-33f0-1d64-45190b6cc3d7-X64","PackageRank":30002,"PlatformDependencies":[{"MaxTested":2814750970478592,"MinVersion":2814750438195200,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"FACEBOOK.317180B0BB486_950.7.118.0_x64__8xx8rvfyw5nnt\",\"content.productId\":\"3219d30d-4a23-4f58-a91c-c44b04e6a0c7\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750970478592,\"platform.minVersion\":2814750438195200,\"platform.target\":3}],\"content.type\":7,\"policy\":{\"category.first\":\"app\",\"category.second\":\"Social\",\"optOut.backu
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 79.172.249.82:443Content-Length: 436Connection: Keep-AliveCache-Control: no-cacheData Raw: 7b 60 06 d1 44 a5 d6 e2 88 48 bf 43 38 5e e0 29 73 bc 94 ef 47 0e 26 50 73 f5 61 5e 1e fd ab c1 56 bb 26 46 4e bc a8 10 ae 67 12 4d 61 10 96 f7 9c 41 c4 71 4b 45 b0 27 b0 1d c3 d3 30 10 09 05 6c 57 7b c7 15 3e d8 72 b4 68 52 84 30 29 f3 d0 31 24 2f 16 54 8b 91 c3 8b 3b bc 0a 1b 1c ea 1d 69 cc ed 4f dd dd 75 7b 53 72 de 1a fe be 9a 32 49 68 da 46 5d 1b 5d 0b b4 b0 0b ca 0a 2e 91 5e d6 f1 2f f3 9e 5f 4d 3c 1d c2 e8 8f f0 e6 f1 cd c2 38 65 20 25 cc e3 2f 79 9e be 9c 0b b0 5a 77 9f 2d f8 f3 6b 14 41 a1 37 d9 ea 08 fe 01 53 94 98 35 d9 ae aa c9 7f ba 46 11 8d 4d 42 c2 d0 35 31 1d 11 e3 ef c1 e4 b1 2a 5e 52 2e 46 a1 2a 23 84 2c 3e 31 ff eb 6f f0 6c 89 46 28 5a c9 87 0d c7 05 74 29 52 f2 ac 3a 76 ca 32 37 b4 0f ec 2d df 3d bf 54 be 3a 03 fd c8 90 f8 09 15 0d 9f 8f 77 2d 93 58 c1 c8 b4 33 7f cc de 29 37 2f 26 f5 ca 2b d0 5d d8 dc f5 09 73 66 4d 68 0d d6 10 f1 50 56 df 5c 25 29 f2 7b e0 54 04 c9 36 88 07 b8 9d 4c d4 dc 64 c9 be e4 33 40 40 41 7b 0a 62 15 e0 ad 48 a7 85 ee bc 6b 25 93 dd a5 5e 68 d5 ea cb 1f 96 23 96 d1 66 1e af a7 d6 38 35 b5 a2 67 af 72 c4 00 16 5f 75 ad 1a 58 61 49 4b 2d f5 1f 9b 12 b6 14 2b cd 47 01 53 51 a8 18 a2 be 3c f2 b6 cb 11 7d 23 f5 0a b7 59 d2 c8 9f a3 0e 7d bf c0 e4 0f af a2 4d 48 e3 df 84 ce 33 f5 9e 92 eb 7b 30 0e c0 f6 d6 24 27 e1 a5 4f f6 0b 46 7c 59 26 73 68 1f Data Ascii: {`DHC8^)sG&Psa^V&FNgMaAqKE'0lW{>rhR0)1$/T;iOu{Sr2IhF]].^/_M<8e %/yZw-kA7S5FMB51*^R.F*#,>1olF(Zt)R:v27-=T:w-X3)7/&+]sfMhPV\%){T6Ld3@@A{bHk%^h#f85gr_uXaIK-+GSQ<}#Y}MH3{0$'OF|Y&sh
                    Source: svchost.exe, 00000023.00000003.817201176.000001E91F73B000.00000004.00000001.sdmpString found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/PPCRLwssecurity-utility-1.0.xsdp.as
                    Source: svchost.exe, 00000023.00000002.1283907175.000001E91FC13000.00000004.00000001.sdmpString found in binary or memory: http://Passport.NET/tbpose
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                    Source: svchost.exe, 00000021.00000002.588532098.000001AB9E6EA000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: svchost.exe, 00000021.00000002.588532098.000001AB9E6EA000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertSHA2SecureServerCA.crl0=
                    Source: svchost.exe, 00000007.00000002.597695297.000001CC04417000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                    Source: svchost.exe, 00000021.00000002.588532098.000001AB9E6EA000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertSHA2SecureServerCA.crl0
                    Source: svchost.exe, 00000023.00000003.1128521121.000001E91F752000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.o0
                    Source: svchost.exe, 00000023.00000003.1128451283.000001E91F788000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.811531536.000001E91F72F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd$
                    Source: svchost.exe, 00000023.00000003.817201176.000001E91F73B000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdP
                    Source: svchost.exe, 00000023.00000003.811531536.000001E91F72F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsddd
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1284162340.000001E91FC3E000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: svchost.exe, 00000023.00000002.1281395121.000001E91F713000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd/Encr
                    Source: svchost.exe, 00000023.00000002.1280248925.000001E91EE5C000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: CCFEED7EF3CD3BBD21329435542A98D2_9C2DDAC79C917837883918D6BB58BE90.35.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOe
                    Source: svchost.exe, 00000023.00000002.1284162340.000001E91FC3E000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6tiox
                    Source: svchost.exe, 00000021.00000002.588532098.000001AB9E6EA000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: svchost.exe, 00000007.00000002.597695297.000001CC04417000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0H
                    Source: svchost.exe, 00000023.00000003.1128871295.000001E91FC43000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.c
                    Source: svchost.exe, 00000023.00000002.1283907175.000001E91FC13000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUv
                    Source: svchost.exe, 00000023.00000002.1280404405.000001E91EE92000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootCA.crlhttp://crl4.digicert.com/Di
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertSHA2SecureServerCA.crlhttp://crl4.digicert.
                    Source: svchost.exe, 00000007.00000002.597695297.000001CC04417000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.1128871295.000001E91FC43000.00000004.00000001.sdmpString found in binary or memory: http://passport.net/tb
                    Source: svchost.exe, 00000023.00000003.811444618.000001E91F757000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.818192640.000001E91F72E000.00000004.00000001.sdmpString found in binary or memory: http://schemas.mi
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: svchost.exe, 00000007.00000003.597153512.000001CC7ECA4000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.811539482.000001E91F762000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: svchost.exe, 00000023.00000003.811539482.000001E91F762000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc1A=
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scicy
                    Source: svchost.exe, 00000023.00000002.1281474062.000001E91F764000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scr
                    Source: svchost.exe, 00000023.00000002.1281474062.000001E91F764000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scs-cbc
                    Source: svchost.exe, 00000023.00000003.1128521121.000001E91F752000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scsis-200
                    Source: svchost.exe, 00000023.00000003.817201176.000001E91F73B000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: svchost.exe, 00000023.00000003.817330267.000001E91F732000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.817201176.000001E91F73B000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue(
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: svchost.exe, 00000023.00000002.1281444114.000001E91F737000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: svchost.exe, 00000025.00000002.958877289.00000237FDA60000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
                    Source: svchost.exe, 0000000E.00000002.310250602.000002C4B4613000.00000004.00000001.sdmpString found in binary or memory: http://www.bingmapsportal.com
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0~
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: http://www.g5e.com/G5_End_User_License_Supplemental_Terms
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: http://www.g5e.com/termsofservice
                    Source: svchost.exe, 00000021.00000003.560024463.000001AB9EF9D000.00000004.00000001.sdmpString found in binary or memory: http://www.hulu.com/privacy
                    Source: svchost.exe, 00000021.00000003.560024463.000001AB9EF9D000.00000004.00000001.sdmpString found in binary or memory: http://www.hulu.com/terms
                    Source: svchost.exe, 00000023.00000002.1281425866.000001E91F732000.00000004.00000001.sdmpString found in binary or memory: http://www.w3.
                    Source: svchost.exe, 0000000B.00000002.1280219876.000001CE16A43000.00000004.00000001.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
                    Source: svchost.exe, 0000000B.00000002.1280219876.000001CE16A43000.00000004.00000001.sdmpString found in binary or memory: https://%s.xboxlive.com
                    Source: svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&amp;id=80502
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809365345.000001E91F750000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809297166.000001E91F72E000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809365345.000001E91F750000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809297166.000001E91F72E000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80600
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809365345.000001E91F750000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809297166.000001E91F72E000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80601
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809334193.000001E91F777000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80603
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809334193.000001E91F777000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80604
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809800002.000001E91F730000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809334193.000001E91F777000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80605
                    Source: svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                    Source: svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=806018204055Z0#1
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809800002.000001E91F730000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809334193.000001E91F777000.00000004.00000001.sdmpString found in binary or memory: https://account.live.com/msangcwam
                    Source: svchost.exe, 0000000B.00000002.1280219876.000001CE16A43000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.com
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
                    Source: svchost.exe, 0000000B.00000002.1280219876.000001CE16A43000.00000004.00000001.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
                    Source: svchost.exe, 0000000B.00000002.1280219876.000001CE16A43000.00000004.00000001.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
                    Source: svchost.exe, 00000021.00000003.569537368.000001AB9EF7D000.00000004.00000001.sdmp, svchost.exe, 00000021.00000003.569479296.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: https://corp.roblox.com/contact/
                    Source: svchost.exe, 00000021.00000003.569537368.000001AB9EF7D000.00000004.00000001.sdmp, svchost.exe, 00000021.00000003.569479296.000001AB9EF20000.00000004.00000001.sdmp, svchost.exe, 00000021.00000003.569716300.000001AB9EF74000.00000004.00000001.sdmpString found in binary or memory: https://corp.roblox.com/parents/
                    Source: svchost.exe, 0000000E.00000003.309587482.000002C4B4649000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
                    Source: svchost.exe, 0000000E.00000002.310282027.000002C4B463D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
                    Source: svchost.exe, 0000000E.00000003.309234233.000002C4B464F000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
                    Source: svchost.exe, 0000000E.00000003.287069493.000002C4B462F000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
                    Source: svchost.exe, 0000000E.00000003.287069493.000002C4B462F000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
                    Source: svchost.exe, 0000000E.00000002.310282027.000002C4B463D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
                    Source: svchost.exe, 0000000E.00000003.287069493.000002C4B462F000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
                    Source: svchost.exe, 0000000E.00000003.309733634.000002C4B4640000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
                    Source: svchost.exe, 0000000E.00000003.309733634.000002C4B4640000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
                    Source: svchost.exe, 0000000E.00000003.309733634.000002C4B4640000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000002.310290532.000002C4B464B000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
                    Source: svchost.exe, 0000000E.00000003.287069493.000002C4B462F000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
                    Source: svchost.exe, 0000000E.00000003.309587482.000002C4B4649000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
                    Source: svchost.exe, 0000000E.00000002.310290532.000002C4B464B000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
                    Source: svchost.exe, 0000000E.00000002.310290532.000002C4B464B000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
                    Source: svchost.exe, 0000000E.00000003.309313094.000002C4B4663000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.309587482.000002C4B4649000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
                    Source: svchost.exe, 0000000E.00000003.309432644.000002C4B4660000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
                    Source: svchost.exe, 0000000E.00000002.310282027.000002C4B463D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
                    Source: svchost.exe, 0000000E.00000003.287069493.000002C4B462F000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
                    Source: svchost.exe, 00000021.00000003.569537368.000001AB9EF7D000.00000004.00000001.sdmp, svchost.exe, 00000021.00000003.569479296.000001AB9EF20000.00000004.00000001.sdmpString found in binary or memory: https://en.help.roblox.com/hc/en-us
                    Source: svchost.exe, 00000021.00000003.561078646.000001AB9EF6C000.00000004.00000001.sdmpString found in binary or memory: https://instagram.com/hiddencity_
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
                    Source: svchost.exe, 00000023.00000002.1280248925.000001E91EE5C000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srf
                    Source: svchost.exe, 00000023.00000003.809297166.000001E91F72E000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&amp;id=80502
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809365345.000001E91F750000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809297166.000001E91F72E000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&amp;id=80600
                    Source: svchost.exe, 00000023.00000003.809487394.000001E91F729000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809365345.000001E91F750000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809297166.000001E91F72E000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&amp;id=80601
                    Source: svchost.exe, 00000023.00000003.809599953.000001E91F70E000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
                    Source: svchost.exe, 00000023.00000003.809599953.000001E91F70E000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
                    Source: svchost.exe, 00000023.00000003.809599953.000001E91F70E000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ListSessions.srf
                    Source: svchost.exe, 00000023.00000002.1280248925.000001E91EE5C000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srf
                    Source: svchost.exe, 00000023.00000002.1280248925.000001E91EE5C000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf
                    Source: svchost.exe, 00000023.00000002.1284004591.000001E91FC29000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809525843.000001E91F740000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280404405.000001E91EE92000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/RST2.srf
                    Source: svchost.exe, 00000023.00000002.1280613714.000001E91EED2000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/RST2.srfLMEMX
                    Source: svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/RST2.srfy
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/didtou.srf
                    Source: svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/getrealminfo.srf
                    Source: svchost.exe, 00000023.00000003.809763951.000001E91F748000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/getuserrealm.srf
                    Source: svchost.exe, 00000023.00000003.809867311.000001E91F74B000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/pH
                    Source: svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmp, svchost.exe, 00000023.00000003.809384646.000001E91F761000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
                    Source: svchost.exe, 00000023.00000002.1280118155.000001E91EE3D000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srfoken
                    Source: svchost.exe, 00000023.00000003.809384646.000001E91F761000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
                    Source: svchost.exe, 00000023.00000002.1280248925.000001E91EE5C000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
                    Source: svchost.exe, 00000023.00000003.809384646.000001E91F761000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
                    Source: svchost.exe, 00000023.00000003.809384646.000001E91F761000.00000004.00000001.sdmp, svchost.exe, 00000023.00000002.1280711050.000001E91EF02000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
                    Source: svchost.exe, 00000023.00000002.1280