Loading ...

Play interactive tourEdit tour

Analysis Report 0pz1on1.dll

Overview

General Information

Sample Name:0pz1on1.dll
Analysis ID:320211
MD5:3c4804307010574bc5c94c57ea8d3135
SHA1:52163b920bac82132f76d1bd8d1978fe5ab88667
SHA256:733cbecbe9469a90f40dc38448866df368238aac203fa9c986cd6b45d8057aa7
Tags:dllgoziisfbursnif

Most interesting Screenshot:

Detection

Ursnif
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Creates a COM Internet Explorer object
Machine Learning detection for sample
PE file has a writeable .text section
Writes or reads registry keys via WMI
Writes registry values via WMI
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • loaddll32.exe (PID: 6936 cmdline: loaddll32.exe 'C:\Users\user\Desktop\0pz1on1.dll' MD5: 62442CB29236B024E992A556DA72B97A)
    • regsvr32.exe (PID: 6944 cmdline: regsvr32.exe /s C:\Users\user\Desktop\0pz1on1.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • cmd.exe (PID: 6952 cmdline: C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • iexplore.exe (PID: 6972 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 7044 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6972 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 5740 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6972 CREDAT:82952 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 6212 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6972 CREDAT:17436 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"server": "12", "version": "250162", "uptime": "351ceL", "crc": "1", "id": "7238", "user": "4229768108f8d2d8cdc8873a31eb82f6", "soft": "3"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000003.709938495.0000000004B38000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
    00000001.00000003.710009927.0000000004B38000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
      00000001.00000003.709960999.0000000004B38000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
        00000001.00000003.709897369.0000000004B38000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
          00000001.00000003.710074481.0000000004B38000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
            Click to see the 5 entries

            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: regsvr32.exe.6944.1.memstrMalware Configuration Extractor: Ursnif {"server": "12", "version": "250162", "uptime": "351ceL", "crc": "1", "id": "7238", "user": "4229768108f8d2d8cdc8873a31eb82f6", "soft": "3"}
            Source: regsvr32.exe.6944.1.memstrMalware Configuration Extractor: Ursnif {"server": "12", "version": "250162", "uptime": "351ceL", "crc": "1", "id": "7238", "user": "4229768108f8d2d8cdc8873a31eb82f6", "soft": "3"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: 0pz1on1.dllVirustotal: Detection: 12%Perma Link
            Source: 0pz1on1.dllVirustotal: Detection: 12%Perma Link
            Machine Learning detection for sampleShow sources
            Source: 0pz1on1.dllJoe Sandbox ML: detected
            Source: 0pz1on1.dllJoe Sandbox ML: detected
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026F523B RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,1_2_026F523B
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026F523B RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,1_2_026F523B

            Networking:

            barindex
            Creates a COM Internet Explorer objectShow sources
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandlerJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandlerJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32Jump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandlerJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandlerJump to behavior
            Source: Joe Sandbox ViewIP Address: 151.101.1.44 151.101.1.44
            Source: Joe Sandbox ViewIP Address: 151.101.1.44 151.101.1.44
            Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
            Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
            Source: global trafficHTTP traffic detected: GET /images/lcFsCCu6XNM4pzjDX9/Rf920MsPd/vgweJGGW4yMpnFFbKRdb/rMLnID4pno1jhDPg_2B/gCtnp5OejYlg5M0Xpnwv8O/gpi95pzZNi_2F/y_2F9cQy/vDMvSxl_2BNU9G_2FwH_2BP/AZJJtDQfBY/TKL237DbsWcS1Nmtn/Au9.avi HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: ocsp.sca1b.amazontrust.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /images/lcFsCCu6XNM4pzjDX9/Rf920MsPd/vgweJGGW4yMpnFFbKRdb/rMLnID4pno1jhDPg_2B/gCtnp5OejYlg5M0Xpnwv8O/gpi95pzZNi_2F/y_2F9cQy/vDMvSxl_2BNU9G_2FwH_2BP/AZJJtDQfBY/TKL237DbsWcS1Nmtn/Au9.avi HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: ocsp.sca1b.amazontrust.comConnection: Keep-Alive
            Source: de-ch[1].htm.6.drString found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
            Source: de-ch[1].htm.6.drString found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen|https://twitter.com/i/notifications;Ich|#;Abmelden|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
            Source: de-ch[1].htm.6.drString found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"&nbsp;&nbsp;&nbsp;Ref 2: "+e.html(t.clientSettings.sid||"000000")+"&nbsp;&nbsp;&nbsp;Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console||{}).timeStamp?console.timeStamp(n):(r.performance||{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://outlook.live.com/mail/deeplink/compose;Kalender|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)
            Source: de-ch[1].htm.6.drString found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
            Source: de-ch[1].htm.6.drString found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen|https://twitter.com/i/notifications;Ich|#;Abmelden|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
            Source: de-ch[1].htm.6.drString found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"&nbsp;&nbsp;&nbsp;Ref 2: "+e.html(t.clientSettings.sid||"000000")+"&nbsp;&nbsp;&nbsp;Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console||{}).timeStamp?console.timeStamp(n):(r.performance||{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://outlook.live.com/mail/deeplink/compose;Kalender|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)
            Source: unknownDNS traffic detected: queries for: www.msn.com
            Source: unknownDNS traffic detected: queries for: www.msn.com
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/Root.crl0
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/primobject.crl0N
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/root.crl0
            Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns#
            Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns/fb#
            Source: auction[1].htm.6.drString found in binary or memory: http://popup.taboola.com/german
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
            Source: 0pz1on1.dllString found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
            Source: 0pz1on1.dllString found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
            Source: 0pz1on1.dllString found in binary or memory: http://www.bullguard.com0
            Source: 0pz1on1.dllString found in binary or memory: http://www.globalsign.net/repository/0
            Source: 0pz1on1.dllString found in binary or memory: http://www.globalsign.net/repository/03
            Source: 0pz1on1.dllString found in binary or memory: http://www.globalsign.net/repository09
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://amzn.to/2TTxhNg
            Source: auction[1].htm.6.drString found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&amp;ap
            Source: iab2Data[1].json.6.drString found in binary or memory: https://bealion.com/politica-de-cookies
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
            Source: iab2Data[1].json.6.drString found in binary or memory: https://channelpilot.co.uk/privacy-policy
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://client-s.gateway.messenger.live.com
            Source: de-ch[1].htm.6.drString found in binary or memory: https://clk.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=21863656
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
            Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
            Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;http
            Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=858412214&amp;size=306x271&amp;http
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
            Source: iab2Data[1].json.6.drString found in binary or memory: https://docs.prebid.org/privacy.html
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
            Source: auction[1].htm.6.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%
            Source: auction[1].htm.6.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
            Source: de-ch[1].htm.6.drString found in binary or memory: https://itunes.apple.com/ch/app/microsoft-news/id945416273?pt=80423&amp;ct=prime_footer&amp;mt=8
            Source: de-ch[1].htm.6.drString found in binary or memory: https://linkmaker.itunes.apple.com/assets/shared/badges/de-de/appstore-lrg.svg&quot;
            Source: iab2Data[1].json.6.drString found in binary or memory: https://listonic.com/privacy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;checkda=1&amp;ct=1605766094&amp;rver
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1605766094&amp;rver=7.0.6730.0&am
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/logout.srf?ct=1605766095&amp;rver=7.0.6730.0&amp;lc=1033&amp;id=1184&amp;lru=
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1605766094&amp;rver=7.0.6730.0&amp;w
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
            Source: de-ch[1].htm.6.drString found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&amp;market=de-ch&quot;
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/#qt=mru
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
            Source: de-ch[1].htm.6.drString found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/about/en/download/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;Fotos
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;OneDrive-App
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
            Source: de-ch[1].htm.6.drString found in binary or memory: https://outlook.com/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/calendar
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
            Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png&quot;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&amp;hl=de-ch&amp;refer
            Source: iab2Data[1].json.6.drString found in binary or memory: https://portal.eu.numbereight.me/policies-license#software-privacy-notice
            Source: iab2Data[1].json.6.drString found in binary or memory: https://quantyoo.de/datenschutz
            Source: auction[1].htm.6.drString found in binary or memory: https://r1-usc1.zemanta.com/rp/u1gklbadixog/b1_msn/3927532/30291974/X34ACXVUOVAJKRXBYOQ7L6BY4XY5SP27
            Source: auction[1].htm.6.drString found in binary or memory: https://r1-usc1.zemanta.com/rp/u1qgeh572kn4/b1_msn/3788882/29593540/X34ACXVUOVAJKRXBYOQ7L6BY4XY5SP27
            Source: iab2Data[1].json.6.drString found in binary or memory: https://related.hu/adatkezeles/
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
            Source: de-ch[1].htm.6.drString found in binary or memory: https://rover.ebay.com/rover/1/5222-53480-19255-0/1?mpre=https%3A%2F%2Fwww.ebay.ch&amp;campid=533862
            Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-me
            Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-verticals-shoppinghub
            Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=travelnavlink
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/de-ch/homepage/api/modules/cdnfetch&quot;
            Source: imagestore.dat.3.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&amp;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b6vzA.img?h=27&amp;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b8JvL.img?h=166&amp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b8RRR.img?h=166&amp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b8T10.img?h=333&amp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&amp;w
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&amp;w
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://support.skype.com
            Source: de-ch[1].htm.6.drString found in binary or memory: https://twitter.com/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://twitter.com/i/notifications;Ich
            Source: de-ch[1].htm.6.drString found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&amp;ver=%272.1%27&amp;a
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.admo.tv/en/privacy-policy
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&amp;awinaffid=696593&amp;clickref=dech-edge-dhp-infopa
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&amp;awinaffid=696593&amp;clickref=de-ch-edge-dhp-river
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.bet365affiliates.com/UI/Pages/Affiliates/Affiliates.aspx?ContentPath
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.bidstack.com/privacy-policy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/?utm_source=ms&amp;utm_campaign=mestripe
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/?utm_source=ms&amp;utm_campaign=topnav
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/elektronik-unterhaltung?utm_source=ms&amp;utm_campaign=infopane-elec
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/neuste-angebote?utm_source=ms&amp;utm_campaign=shop-karte
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/neuste-angebote?utm_source=ms&amp;utm_campaign=shop-live
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.brightcom.com/privacy-policy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.freundin.de/astrologie-sternzeichen-fremde-handys-ausspionieren
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.gadsme.com/privacy-policy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&amp;item=deferred_page%3a1&amp;ignorejs=webcore%2fmodules%2fjsb
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp:
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/finanzen/top-stories/zahlen-sie-kontaktlos-der-aufruf-befeuert-das-bancoma
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/modules/fetch&quot;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata&quot;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/schweiz/krawallanten-halunke-so-giftig-wird-um-die-konzerninit
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/das-l%c3%a4nderspiel-schweiz-ukraine-findet-weder-heute-noch-mo
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/einweg-masken-heissen-nicht-so-weil-man-sie-auf-den-weg-schmeis
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/ich-habe-immer-gemeint-dass-wir-%c3%a4lteren-den-jungen-egal-si
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/pl%c3%b6tzlich-steht-da-roger-federer-und-fragt-nach-marroni/ar
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/rechtsextreme-trainieren-und-posieren-vermummt-in-luzern/ar-BB1
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/wohl-kein-nati-spiel-am-dienstag-in-luzern/ar-BB1b5oQw?ocid=hpl
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport/fussball/alle-ukrainer-in-quarant%c3%a4ne-nati-spiel-von-heute-ist-a
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport/fussball/petkovic-wollen-auch-k%c3%bcnftig-gegen-grosse-mannschaften
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&amp;auth=1&amp;wdorigin=msn
            Source: auction[1].htm.6.drString found in binary or memory: https://www.outbrain.com/legal/privacy/de
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.remixd.com/privacy_policy.html
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_mestripe_logo_d
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_shop_de&amp;utm
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skype.com/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/de
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/de/download-skype
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&amp;vertical=custom&amp;pageType=
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.vidstart.com/wp-content/uploads/2018/09/PrivacyPolicyPDF-Vidstart.pdf
            Source: auction[1].htm.6.drString found in binary or memory: https://zem.outbrainimg.com/p/srv/sha/bd/60/86/2bac2dfa2c6662619bff6d55b47d20ea92.jpg?w=311&amp;h=33
            Source: auction[1].htm.6.drString found in binary or memory: https://zem.outbrainimg.com/p/srv/sha/cd/43/89/7c899940bc66fc80bffd6e3c5d7ea952cc.jpg?w=311&amp;h=33
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/Root.crl0
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/primobject.crl0N
            Source: 0pz1on1.dllString found in binary or memory: http://crl.globalsign.net/root.crl0
            Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns#
            Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns/fb#
            Source: auction[1].htm.6.drString found in binary or memory: http://popup.taboola.com/german
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
            Source: 0pz1on1.dllString found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
            Source: 0pz1on1.dllString found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
            Source: 0pz1on1.dllString found in binary or memory: http://www.bullguard.com0
            Source: 0pz1on1.dllString found in binary or memory: http://www.globalsign.net/repository/0
            Source: 0pz1on1.dllString found in binary or memory: http://www.globalsign.net/repository/03
            Source: 0pz1on1.dllString found in binary or memory: http://www.globalsign.net/repository09
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://amzn.to/2TTxhNg
            Source: auction[1].htm.6.drString found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&amp;ap
            Source: iab2Data[1].json.6.drString found in binary or memory: https://bealion.com/politica-de-cookies
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
            Source: iab2Data[1].json.6.drString found in binary or memory: https://channelpilot.co.uk/privacy-policy
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://client-s.gateway.messenger.live.com
            Source: de-ch[1].htm.6.drString found in binary or memory: https://clk.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=21863656
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
            Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
            Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;http
            Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=858412214&amp;size=306x271&amp;http
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
            Source: iab2Data[1].json.6.drString found in binary or memory: https://docs.prebid.org/privacy.html
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
            Source: auction[1].htm.6.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%
            Source: auction[1].htm.6.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
            Source: de-ch[1].htm.6.drString found in binary or memory: https://itunes.apple.com/ch/app/microsoft-news/id945416273?pt=80423&amp;ct=prime_footer&amp;mt=8
            Source: de-ch[1].htm.6.drString found in binary or memory: https://linkmaker.itunes.apple.com/assets/shared/badges/de-de/appstore-lrg.svg&quot;
            Source: iab2Data[1].json.6.drString found in binary or memory: https://listonic.com/privacy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;checkda=1&amp;ct=1605766094&amp;rver
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1605766094&amp;rver=7.0.6730.0&am
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/logout.srf?ct=1605766095&amp;rver=7.0.6730.0&amp;lc=1033&amp;id=1184&amp;lru=
            Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1605766094&amp;rver=7.0.6730.0&amp;w
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
            Source: de-ch[1].htm.6.drString found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&amp;market=de-ch&quot;
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/#qt=mru
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
            Source: de-ch[1].htm.6.drString found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/about/en/download/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;Fotos
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;OneDrive-App
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
            Source: de-ch[1].htm.6.drString found in binary or memory: https://outlook.com/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/calendar
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
            Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png&quot;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&amp;hl=de-ch&amp;refer
            Source: iab2Data[1].json.6.drString found in binary or memory: https://portal.eu.numbereight.me/policies-license#software-privacy-notice
            Source: iab2Data[1].json.6.drString found in binary or memory: https://quantyoo.de/datenschutz
            Source: auction[1].htm.6.drString found in binary or memory: https://r1-usc1.zemanta.com/rp/u1gklbadixog/b1_msn/3927532/30291974/X34ACXVUOVAJKRXBYOQ7L6BY4XY5SP27
            Source: auction[1].htm.6.drString found in binary or memory: https://r1-usc1.zemanta.com/rp/u1qgeh572kn4/b1_msn/3788882/29593540/X34ACXVUOVAJKRXBYOQ7L6BY4XY5SP27
            Source: iab2Data[1].json.6.drString found in binary or memory: https://related.hu/adatkezeles/
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
            Source: de-ch[1].htm.6.drString found in binary or memory: https://rover.ebay.com/rover/1/5222-53480-19255-0/1?mpre=https%3A%2F%2Fwww.ebay.ch&amp;campid=533862
            Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-me
            Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-verticals-shoppinghub
            Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=travelnavlink
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/de-ch/homepage/api/modules/cdnfetch&quot;
            Source: imagestore.dat.3.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&amp;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b6vzA.img?h=27&amp;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b8JvL.img?h=166&amp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b8RRR.img?h=166&amp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1b8T10.img?h=333&amp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&amp;w
            Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&amp;w
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://support.skype.com
            Source: de-ch[1].htm.6.drString found in binary or memory: https://twitter.com/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://twitter.com/i/notifications;Ich
            Source: de-ch[1].htm.6.drString found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&amp;ver=%272.1%27&amp;a
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.admo.tv/en/privacy-policy
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&amp;awinaffid=696593&amp;clickref=dech-edge-dhp-infopa
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&amp;awinaffid=696593&amp;clickref=de-ch-edge-dhp-river
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.bet365affiliates.com/UI/Pages/Affiliates/Affiliates.aspx?ContentPath
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.bidstack.com/privacy-policy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/?utm_source=ms&amp;utm_campaign=mestripe
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/?utm_source=ms&amp;utm_campaign=topnav
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/elektronik-unterhaltung?utm_source=ms&amp;utm_campaign=infopane-elec
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/neuste-angebote?utm_source=ms&amp;utm_campaign=shop-karte
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.blackfridaydeals.ch/neuste-angebote?utm_source=ms&amp;utm_campaign=shop-live
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.brightcom.com/privacy-policy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.freundin.de/astrologie-sternzeichen-fremde-handys-ausspionieren
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.gadsme.com/privacy-policy/
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&amp;item=deferred_page%3a1&amp;ignorejs=webcore%2fmodules%2fjsb
            Source: {99EDD373-2A2D-11EB-90EB-ECF4BBEA1588}.dat.3.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp:
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/finanzen/top-stories/zahlen-sie-kontaktlos-der-aufruf-befeuert-das-bancoma
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/modules/fetch&quot;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata&quot;
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/schweiz/krawallanten-halunke-so-giftig-wird-um-die-konzerninit
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/das-l%c3%a4nderspiel-schweiz-ukraine-findet-weder-heute-noch-mo
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/einweg-masken-heissen-nicht-so-weil-man-sie-auf-den-weg-schmeis
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/ich-habe-immer-gemeint-dass-wir-%c3%a4lteren-den-jungen-egal-si
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/pl%c3%b6tzlich-steht-da-roger-federer-und-fragt-nach-marroni/ar
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/rechtsextreme-trainieren-und-posieren-vermummt-in-luzern/ar-BB1
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/wohl-kein-nati-spiel-am-dienstag-in-luzern/ar-BB1b5oQw?ocid=hpl
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport/fussball/alle-ukrainer-in-quarant%c3%a4ne-nati-spiel-von-heute-ist-a
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport/fussball/petkovic-wollen-auch-k%c3%bcnftig-gegen-grosse-mannschaften
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&amp;auth=1&amp;wdorigin=msn
            Source: auction[1].htm.6.drString found in binary or memory: https://www.outbrain.com/legal/privacy/de
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.remixd.com/privacy_policy.html
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_mestripe_logo_d
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_shop_de&amp;utm
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skype.com/
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/de
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/de/download-skype
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&amp;vertical=custom&amp;pageType=
            Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
            Source: 85-0f8009-68ddb2ab[1].js.6.drString found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
            Source: iab2Data[1].json.6.drString found in binary or memory: https://www.vidstart.com/wp-content/uploads/2018/09/PrivacyPolicyPDF-Vidstart.pdf
            Source: auction[1].htm.6.drString found in binary or memory: https://zem.outbrainimg.com/p/srv/sha/bd/60/86/2bac2dfa2c6662619bff6d55b47d20ea92.jpg?w=311&amp;h=33
            Source: auction[1].htm.6.drString found in binary or memory: https://zem.outbrainimg.com/p/srv/sha/cd/43/89/7c899940bc66fc80bffd6e3c5d7ea952cc.jpg?w=311&amp;h=33
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756

            Key, Mouse, Clipboard, Microphone and Screen Capturing:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000001.00000003.709938495.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.710009927.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709960999.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709897369.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.710074481.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.925636434.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709991832.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709847934.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.710050270.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6944, type: MEMORY
            Source: loaddll32.exe, 00000000.00000002.924970262.0000000000AEB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
            Source: loaddll32.exe, 00000000.00000002.924970262.0000000000AEB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            E-Banking Fraud:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000001.00000003.709938495.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.710009927.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709960999.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709897369.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.710074481.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.925636434.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709991832.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.709847934.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.710050270.0000000004B38000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6944, type: MEMORY

            System Summary:

            barindex
            PE file has a writeable .text sectionShow sources
            Source: 0pz1on1.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: 0pz1on1.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Writes or reads registry keys via WMIShow sources
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Writes registry values via WMIShow sources
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_02191E57 GetProcAddress,NtCreateSection,memset,1_2_02191E57
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_021911EA NtMapViewOfSection,1_2_021911EA
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_021923F5 NtQueryVirtualMemory,1_2_021923F5
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026F6066 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,1_2_026F6066
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026FB10D NtQueryVirtualMemory,1_2_026FB10D
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_02191E57 GetProcAddress,NtCreateSection,memset,1_2_02191E57
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_021911EA NtMapViewOfSection,1_2_021911EA
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_021923F5 NtQueryVirtualMemory,1_2_021923F5
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026F6066 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,1_2_026F6066
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026FB10D NtQueryVirtualMemory,1_2_026FB10D
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_021921D41_2_021921D4
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026FAEEC1_2_026FAEEC
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026F15CD1_2_026F15CD
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_021921D41_2_021921D4
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026FAEEC1_2_026FAEEC
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 1_2_026F15CD1_2_026F15CD
            Source: 0pz1on1.dllStatic PE information: invalid certificate
            Source: 0pz1on1.dllStatic PE information: invalid certificate
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: @ .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ? .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: > .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: = .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: < .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ; .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: : .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 9 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 8 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 7 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 6 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 5 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 4 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 3 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 2 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 1 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: 0 .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: - .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: , .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: + .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: * .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ) .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ( .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ' .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: & .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: % .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: $ .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: # .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ' .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ! .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: .dllJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loa