Loading ...

Play interactive tourEdit tour

Windows Analysis Report c9.dll

Overview

General Information

Sample Name:c9.dll
Analysis ID:498883
MD5:c9cd971a083303b1b7c4c912f8739f6b
SHA1:25fc199dbb5a7c0a71dfa8f430d8f09d09c0326d
SHA256:96defacb7096fc81b809c4b0e427399cb2f7da2fb7eb278dd676785a8a476181
Tags:dll
Infos:

Most interesting Screenshot:

Detection

Ursnif
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Ursnif
Antivirus / Scanner detection for submitted sample
Writes or reads registry keys via WMI
Writes registry values via WMI
Uses 32bit PE files
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Tries to load missing DLLs
Contains functionality to read the PEB
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5048 cmdline: loaddll32.exe 'C:\Users\user\Desktop\c9.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6032 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c9.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5876 cmdline: rundll32.exe 'C:\Users\user\Desktop\c9.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 6044 cmdline: regsvr32.exe /s C:\Users\user\Desktop\c9.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 5868 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 6180 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5868 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6072 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5868 CREDAT:82962 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 1704 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5868 CREDAT:82970 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 4488 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5868 CREDAT:17424 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6528 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5868 CREDAT:17436 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 1576 cmdline: rundll32.exe C:\Users\user\Desktop\c9.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6296 cmdline: rundll32.exe C:\Users\user\Desktop\c9.dll,Voicetest MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6436 cmdline: rundll32.exe C:\Users\user\Desktop\c9.dll,Writtendesign MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"lang_id": "RU, CN", "RSA Public Key": "sNCxDve8MsvqadlVNqvrqkrM1BxogjVDx1pm1sFsq4WSz4qQxcJltY8VfWo8VsoI23mmMdPi/UOBDHcesqv0uSg2A2wl6c7JgyFwuaQwy2G9JJPqbTWDud8pc5Fsai3ORlGbJXlqq6BhxmpAbEG4ENYLo4G5cYGPJwt8Un0NiZjp+ebvWtxOiBxUdWz4B4Wb", "c2_domain": ["api10.laptok.at/api1", "golang.feel500.at/api1", "go.in100k.at/api1"], "botnet": "3300", "server": "730", "serpent_key": "xQzYv150PXgru2nT", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "dga_base_url": "constitution.org/usdeclar.txt", "dga_tld": "com ru org", "DGA_count": "10"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000003.494661342.0000000004A29000.00000004.00000040.sdmpJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
    00000003.00000003.522487862.0000000004AB9000.00000004.00000040.sdmpJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
      00000003.00000002.523734739.0000000005328000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
        00000006.00000003.488044357.00000000052F8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
          00000003.00000003.522077972.0000000005328000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
            Click to see the 45 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.loaddll32.exe.73200000.2.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
              3.3.regsvr32.exe.452a253.0.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                1.3.loaddll32.exe.88a253.0.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                  1.2.loaddll32.exe.28c94a0.1.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                    1.3.loaddll32.exe.88a253.0.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                      Click to see the 20 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 00000006.00000003.386491469.0000000004530000.00000040.00000001.sdmpMalware Configuration Extractor: Ursnif {"lang_id": "RU, CN", "RSA Public Key": "sNCxDve8MsvqadlVNqvrqkrM1BxogjVDx1pm1sFsq4WSz4qQxcJltY8VfWo8VsoI23mmMdPi/UOBDHcesqv0uSg2A2wl6c7JgyFwuaQwy2G9JJPqbTWDud8pc5Fsai3ORlGbJXlqq6BhxmpAbEG4ENYLo4G5cYGPJwt8Un0NiZjp+ebvWtxOiBxUdWz4B4Wb", "c2_domain": ["api10.laptok.at/api1", "golang.feel500.at/api1", "go.in100k.at/api1"], "botnet": "3300", "server": "730", "serpent_key": "xQzYv150PXgru2nT", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "dga_base_url": "constitution.org/usdeclar.txt", "dga_tld": "com ru org", "DGA_count": "10"}
                      Antivirus / Scanner detection for submitted sampleShow sources
                      Source: c9.dllAvira: detected
                      Source: c9.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.5:49768 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.5:49769 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 216.58.215.226:443 -> 192.168.2.5:49782 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 216.58.215.226:443 -> 192.168.2.5:49783 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 3.127.209.187:443 -> 192.168.2.5:49784 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 3.127.209.187:443 -> 192.168.2.5:49786 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 35.244.174.68:443 -> 192.168.2.5:49789 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 35.244.174.68:443 -> 192.168.2.5:49788 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 76.223.111.131:443 -> 192.168.2.5:49792 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 76.223.111.131:443 -> 192.168.2.5:49793 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 185.29.132.241:443 -> 192.168.2.5:49797 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 185.29.132.241:443 -> 192.168.2.5:49799 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.156.0.31:443 -> 192.168.2.5:49803 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.156.0.31:443 -> 192.168.2.5:49804 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.184.201.8:443 -> 192.168.2.5:49805 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.184.201.8:443 -> 192.168.2.5:49806 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.5:49819 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.5:49818 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.217.168.38:443 -> 192.168.2.5:49824 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.217.168.38:443 -> 192.168.2.5:49825 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.5:49826 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.5:49827 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49846 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49845 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49843 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49842 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49847 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49844 version: TLS 1.2
                      Source: Binary string: c:\IdeaGave\commontrade\RaceBall\Dropmany\Paragraphequate\tiny.pdbp6(b source: loaddll32.exe, 00000001.00000002.794189213.0000000073221000.00000002.00020000.sdmp, c9.dll
                      Source: Binary string: c:\IdeaGave\commontrade\RaceBall\Dropmany\Paragraphequate\tiny.pdb source: loaddll32.exe, 00000001.00000002.794189213.0000000073221000.00000002.00020000.sdmp, c9.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02FA7DD8 Wow64EnableWow64FsRedirection,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,CloseHandle,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,4_2_02FA7DD8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_04E47DD8 Wow64EnableWow64FsRedirection,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,CloseHandle,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,6_2_04E47DD8

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.5:49911 -> 87.106.18.141:80
                      Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.5:49911 -> 87.106.18.141:80
                      Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.5:49924 -> 87.106.18.141:80
                      Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.5:49942 -> 87.106.18.141:80
                      Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.5:49942 -> 87.106.18.141:80
                      Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
                      Source: Joe Sandbox ViewIP Address: 104.26.3.70 104.26.3.70
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: de-ch[1].htm.7.drString found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
                      Source: msapplication.xml0.5.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf4cb4881,0x01d7bbd1</date><accdate>0xf4cb4881,0x01d7bbd1</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
                      Source: msapplication.xml0.5.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf4cb4881,0x01d7bbd1</date><accdate>0xf4cb4881,0x01d7bbd1</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
                      Source: msapplication.xml5.5.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf4d26f81,0x01d7bbd1</date><accdate>0xf4d26f81,0x01d7bbd1</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
                      Source: msapplication.xml5.5.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf4d26f81,0x01d7bbd1</date><accdate>0xf4d26f81,0x01d7bbd1</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
                      Source: msapplication.xml7.5.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf4d26f81,0x01d7bbd1</date><accdate>0xf4d26f81,0x01d7bbd1</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
                      Source: msapplication.xml7.5.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf4d26f81,0x01d7bbd1</date><accdate>0xf4d26f81,0x01d7bbd1</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
                      Source: de-ch[1].htm.7.drString found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen|https://twitter.com/i/notifications;Ich|#;Abmelden|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
                      Source: de-ch[1].htm.7.drString found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"&nbsp;&nbsp;&nbsp;Ref 2: "+e.html(t.clientSettings.sid||"000000")+"&nbsp;&nbsp;&nbsp;Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console||{}).timeStamp?console.timeStamp(n):(r.performance||{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://outlook.live.com/mail/deeplink/compose;Kalender|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)
                      Source: loaddll32.exe, 00000001.00000002.791222422.0000000001140000.00000002.00020000.sdmpString found in binary or memory: http://api10.laptok.at/api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/n
                      Source: {533A88BC-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: http://api10.laptok.at/api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/nehUVb
                      Source: {4A968DB9-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: http://api10.laptok.at/api1/ksE8rF5AGsnlH/fbLwQ3Lg/XhcZ8P1h_2Bo0_2BrjHAua5/e46Fw12wZ1/j1YBnIEVwMT0HV
                      Source: loaddll32.exe, 00000001.00000002.791222422.0000000001140000.00000002.00020000.sdmpString found in binary or memory: http://api10.laptok.at/api1/vcA0O3WPGnQgQOgmZF/_2FEMTJNH/erT8pAgL94iyg0QnSDs4/tF67e4iCqPFCwhTcy
                      Source: {5B5838B5-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.dr, ~DF1706887F6FAE5535.TMP.5.drString found in binary or memory: http://api10.laptok.at/api1/vcA0O3WPGnQgQOgmZF/_2FEMTJNH/erT8pAgL94iyg0QnSDs4/tF67e4iCqPFCwhTcyrL/52
                      Source: de-ch[1].htm.7.drString found in binary or memory: http://ogp.me/ns#
                      Source: de-ch[1].htm.7.drString found in binary or memory: http://ogp.me/ns/fb#
                      Source: auction[2].htm.7.drString found in binary or memory: http://popup.taboola.com/german
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
                      Source: msapplication.xml.5.drString found in binary or memory: http://www.amazon.com/
                      Source: msapplication.xml1.5.drString found in binary or memory: http://www.google.com/
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
                      Source: msapplication.xml2.5.drString found in binary or memory: http://www.live.com/
                      Source: msapplication.xml3.5.drString found in binary or memory: http://www.nytimes.com/
                      Source: msapplication.xml4.5.drString found in binary or memory: http://www.reddit.com/
                      Source: msapplication.xml5.5.drString found in binary or memory: http://www.twitter.com/
                      Source: msapplication.xml6.5.drString found in binary or memory: http://www.wikipedia.com/
                      Source: msapplication.xml7.5.drString found in binary or memory: http://www.youtube.com/
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://amzn.to/2TTxhNg
                      Source: auction[2].htm.7.drString found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&amp;ap
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&amp;ct=prime_footer&amp;mt=8
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_office&amp;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_store&amp;m
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_promotionalstripe_na
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://client-s.gateway.messenger.live.com
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://clk.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=21863656
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=24545562
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=295926&amp;a=3064090&amp;g=24886692
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;http
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=858412214&amp;size=306x271&amp;http
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: https://contextualtag.media.net
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                      Source: auction[2].htm.7.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;checkda=1&amp;ct=1633616402&amp;rver
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1633616402&amp;rver=7.0.6730.0&am
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://login.live.com/logout.srf?ct=1633616403&amp;rver=7.0.6730.0&amp;lc=1033&amp;id=1184&amp;lru=
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1633616402&amp;rver=7.0.6730.0&amp;w
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&amp;market=de-ch&quot;
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com/#qt=mru
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com/about/en/download/
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com;Fotos
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com;OneDrive-App
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://outlook.com/
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://outlook.live.com/calendar
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png&quot;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&amp;hl=de-ch&amp;refer
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://secure.adnxs.com/clktrb?id=762232
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-me
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-shoppingstripe-nav
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=travelnavlink
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/de-ch/homepage/api/modules/cdnfetch&quot;
                      Source: imagestore.dat.5.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAPaLRV.img?h=368&amp;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&amp;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1aXBV1.img?h=27&amp;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&amp;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&amp;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&amp;w
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&amp;w
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://support.skype.com
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?&quot;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://twitter.com/
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://twitter.com/i/notifications;Ich
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&amp;ver=%272.1%27&amp;a
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&amp;awinaffid=696593&amp;clickref=dech-edge-dhp-infopa
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&amp;awinaffid=696593&amp;clickref=de-ch-edge-dhp-river
                      Source: iab2Data[1].json.7.drString found in binary or memory: https://www.bidstack.com/privacy-policy/
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.ebay.ch/?mkcid=1&amp;mkrid=5222-53480-19255-0&amp;siteid=193&amp;campid=5338626668&amp;t
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/
                      Source: {14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat.5.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&amp;item=deferred_page%3a1&amp;ignorejs=webcore%2fmodules%2fjsb
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/finanzen/nachrichten/schweizer-arbeitsmarkt-auf-dem-weg-zum-vorkrisennivea
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/modules/fetch&quot;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata&quot;
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/schweiz/bund-registriert-erneut-weniger-neue-corona-ansteckung
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/apps-bieten-nur-oberfl%c3%a4chlichen-zugang-zum-gegen%c3%bcber/
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/auto-nach-unfall-mit-milit%c3%a4rblachen-abgedeckt/ar-AALgoO8?o
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/die-araberinnen-und-araber-kehren-zur%c3%bcck/ar-AAPbaLO?ocid=h
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/gericht-verurteilt-mehrfachen-raser-zu-30-monaten-freiheitsstra
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/mann-54-wird-von-wurzelstock-getroffen-und-kommt-ums-leben/ar-A
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/schulleitung-warnt-eltern-vor-lebensbedrohlichem-ohnmacht-spiel
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/spezialisten-suchen-mit-sonarsonde-in-200-metern-tiefe-nach-ver
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/news/other/was-passierte-nur-drei-minuten-nach-dem-start/ar-AAP7LCM?ocid=h
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com/de-ch/sport?ocid=StripeOCID
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&amp;auth=1&amp;wdorigin=msn
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_mestripe_logo_d
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_shop_de&amp;utm
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.skype.com/
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://www.skype.com/de
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://www.skype.com/de/download-skype
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&amp;vertical=custom&amp;pageType=
                      Source: de-ch[1].htm.7.drString found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
                      Source: iab2Data[1].json.7.drString found in binary or memory: https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
                      Source: iab2Data[1].json.7.drString found in binary or memory: https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html
                      Source: 52-478955-68ddb2ab[1].js.7.drString found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
                      Source: unknownDNS traffic detected: queries for: www.msn.com
                      Source: global trafficHTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: geolocation.onetrust.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /pixel?cs=1&google_nid=media&google_cm=1&google_hm=Mjc2NjE4MDA5NjY4NDE3MzAwMFYxMA%3D%3D&google_sc=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cm.g.doubleclick.netConnection: Keep-AliveCookie: IDE=AHWqTUkh5fOLAUMX20ZV8xqf__2tu45ymTec8GQqE60qWk9cSV6VA3zk_7PBuUk4
                      Source: global trafficHTTP traffic detected: GET /sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: x.bidswitch.netConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /710489.gif HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: id.rlcdn.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: x.bidswitch.netConnection: Keep-AliveCookie: tuuid=e3c6ab64-6227-451b-a0eb-80821c5205b0; c=1633616410; tuuid_lu=1633616410
                      Source: global trafficHTTP traffic detected: GET /track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: match.adsrvr.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: match.adsrvr.orgConnection: Keep-AliveCookie: TDID=b8ee5114-8694-4079-a979-819224d901d9; TDCPM=CAEYBSgCMgsIsMry3InqhDoQBTgB
                      Source: global trafficHTTP traffic detected: GET /sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dmedianet%26bsw_param%3De3c6ab64-6227-451b-a0eb-80821c5205b0&gdpr=0&gdpr_consent= HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: sync.mathtag.com
                      Source: global trafficHTTP traffic detected: GET /sync?dsp_id=80&user_id=7e4f615f-021c-4400-97d1-71d777cb5972&expires=30&ssp=medianet&bsw_param=e3c6ab64-6227-451b-a0eb-80821c5205b0&gdpr=0&gdpr_consent= HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: x.bidswitch.netCookie: tuuid=e3c6ab64-6227-451b-a0eb-80821c5205b0; c=1633616410; tuuid_lu=1633616411
                      Source: global trafficHTTP traffic detected: GET /ups/58222/sync?_origin=1&uid=2766180096684126000V10 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: ups.analytics.yahoo.com
                      Source: global trafficHTTP traffic detected: GET /ups/58222/sync?_origin=1&uid=2766180096684126000V10&verify=true HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: ups.analytics.yahoo.comCookie: A3=d=AQABBBwCX2ECEPuVj2RlU4od0aG8sPO8M2EFEgEBAQFTYGFoYQAAAAAA_eMAAA&S=AQAAAouTZ_8WaBi0hZfRZ-z61xY; B=62ctsudglu0gs&b=3&s=uo
                      Source: global trafficHTTP traffic detected: GET /ups/58222/sync?_origin=1&uid=2766180096684126000V10 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: pixel.advertising.com
                      Source: global trafficHTTP traffic detected: GET /ups/58222/sync?_origin=1&uid=2766180096684126000V10&verify=true HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: pixel.advertising.comCookie: APID=UPaf4281b3-2779-11ec-a664-02db7f727538
                      Source: global trafficHTTP traffic detected: GET /ups/58222/sync?_origin=1&uid=2766180096684126000V10&apid=UPaf4281b3-2779-11ec-a664-02db7f727538 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=69&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,uspAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: ups.analytics.yahoo.comCookie: A3=d=AQABBBwCX2ECEPuVj2RlU4od0aG8sPO8M2EFEgEBAQFTYGFoYQAAAAAA_eMAAAcIHAJfYfO8M2E&S=AQAAAq9EDu4ZC-eONZDFuqmxOcc; B=62ctsudglu0gs&b=3&s=uo; IDSYNC=18xa~20tq
                      Source: global trafficHTTP traffic detected: GET /tag?o=6208086025961472&upapi=true HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: btloader.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: ad.doubleclick.netConnection: Keep-AliveCookie: IDE=AHWqTUmHOxlMoxj0Pnqfm3OGPHOK5PB_3CT4Qubkpi3xpdeiBinOowt7h4y8MxfC1z8
                      Source: global trafficHTTP traffic detected: GET /px.gif?ch=1&e=0.7922055029919313 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: ad-delivery.netConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F229da042318840c2bedb0d7d4a629da7.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F06ad29ca279ef6d1a1d51484867ed930.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F42912d3264942cf3a1683ef85b453901.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fconsole.brax-cdn.com%2Fcreatives%2Fe3c5e00c-8d4e-4ffb-9b76-5a7c81cdd776%2F77745de3383e60a935ce533068c740ef_1000x600_e4825edea4eb82408ffb2966288c972c.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fprezna.com%2Fget%2FXX2-4159422330900454935.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboolasyndication.com%2Flibtrc%2Fstatic%2Fthumbnails%2F89b2a2c406225ac19893953e2f531377.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api1/ksE8rF5AGsnlH/fbLwQ3Lg/XhcZ8P1h_2Bo0_2BrjHAua5/e46Fw12wZ1/j1YBnIEVwMT0HVp4T/_2FSBVel_2BD/Mtuel1zuDld/8eZOKx2Uzqu7_2/B_2BIcRwCeM2BicM_2BIQ/dnUyI3L91KPOSGJF/REFJoC3NQRoXeRu/EUZgiBW5ykWpIixdja/XweS77_2F/YWVjXghErokmvPqxa1Ga/uF4H7dLvfoa5oaEuK7a/9t8Dhet7EJ2ycRjwV5Nh_2/FAcOKR5tjq4Mj/G592BKqi/FiGVSjGAGKhk57Y2OuTtOf7/wQ8JLEs_2B/SWOdJq12ovpP6_2Fy/QhV2Hdk6yUx_/2FiSux_2F/gXZMkf HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: api10.laptok.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/nehUVbDEZih/YkDTsvTp3bYb8i/Kr6QeLqvadIsIs9pFukgL/OMDZLo4EFNLTVlQB/mKd2X3KJYAV3yVi/tdKjp4kt4yuYorXyBG/KNEUm6r2X/1LVNKB3ak_2Bz2y79hi5/ldIw1qOdPKTHg5FPpv_/2FZlNGmh0NUuq8aAo8LNJZ/wnXLcICktJOE5/BE2w0kMW/QOYuG2fkU6GX4EAYMrqGuqg/isDTO90LCo/1CJYfHJHGn0nJOZZW/Ng_2B8t HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/nehUVbDEZih/YkDTsvTp3bYb8i/Kr6QeLqvadIsIs9pFukgL/OMDZLo4EFNLTVlQB/mKd2X3KJYAV3yVi/tdKjp4kt4yuYorXyBG/KNEUm6r2X/1LVNKB3ak_2Bz2y79hi5/ldIw1qOdPKTHg5FPpv_/2FZlNGmh0NUukUFKfkxwRB/hAGRbgGMkRs0W/Sja4JDzR/Typ_2FEqqGLQtFoEBaUfObX/k5DqE7Fqcl/ITzT4jdSj7c8BXUAG/ZqSRTC99eEQu/fB3yRofhVGR/HGnlb HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: api10.laptok.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api1/vcA0O3WPGnQgQOgmZF/_2FEMTJNH/erT8pAgL94iyg0QnSDs4/tF67e4iCqPFCwhTcyrL/52_2B_2BcPsTzSbd1llCdD/ZkNNF2cncA9XY/3_2BIi6C/H91C6tOMyng3uLUQeGWT6J6/j_2BQqOmyJ/sgWrxLykMWFajBZ62/tiwu_2Bleg5Y/3ODf0koCu30/inb_2Bah3KNq1n/fEvEAIuh_2FgMWpEfxDKP/e5bzrfbMyOWi_2Br/qr4SjrC797UY1dW/_2FynXROO34PZ3JC62/akz42HCrt/_2B8jaBnhM_2F2ymPrmX/yps30gw8ZnZS8JvDVQW/WFIuNMub/F HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive