Loading ...

Play interactive tourEdit tour

Windows Analysis Report tebdXHvUhB.dll

Overview

General Information

Sample Name:tebdXHvUhB.dll
Analysis ID:526297
MD5:b39e97bde83db04c795d18b8f67e19ea
SHA1:d790b9fc4b6e37035357f1bcf3948b66c6931f15
SHA256:bce328beb9ae78ec279dc17bf701d58cb1cfa12ff570b00c78c0ada6893c80cf
Tags:dllgeoGoziISFBITAUrsnif
Infos:

Most interesting Screenshot:

Detection

Ursnif
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Writes or reads registry keys via WMI
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Tries to load missing DLLs
Contains functionality to read the PEB
Registers a DLL
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5728 cmdline: loaddll32.exe "C:\Users\user\Desktop\tebdXHvUhB.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 5516 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\tebdXHvUhB.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6432 cmdline: rundll32.exe "C:\Users\user\Desktop\tebdXHvUhB.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 6400 cmdline: regsvr32.exe /s C:\Users\user\Desktop\tebdXHvUhB.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 4800 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 6672 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4800 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 4908 cmdline: rundll32.exe C:\Users\user\Desktop\tebdXHvUhB.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6652 cmdline: rundll32.exe C:\Users\user\Desktop\tebdXHvUhB.dll,ajybzkxdao MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5268 cmdline: rundll32.exe C:\Users\user\Desktop\tebdXHvUhB.dll,axvrbfstphcm MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "v1wySnSj0/Qezkq1+zqVG7OQdnxYD8ELZYNPMCkM69BOSUxuoiK8V9jGPFM/rZ9NhfGzVodUM3YW0nB89rcH84RZYG8DLN6HQCkubhXRasaUA7K7h+3lZamvjyookCKgwBWzlu6vCX1eURNonlpROKDMQKBVqofzDshoxJHbAdjZcKqCfEt5vgt07jQB8OABEnd9fROXGjobZcsdaOkEjTvELBFteszn3jqJa1HvAPkpE5gs00qstYhkLp1L+MgFUoKXEL4WViIcGGNpbyyXZKBlebQs4TypEMrC0SUg0PsB7mmSQ4ESN3oL02+qpL14r8rTcWPMVTQH9/bLARbe3XOvj+AriFcBjSRm8ai2Vy0=", "c2_domain": ["microsoft.com/windowsdisabler", "https://technoshoper.com", "https://avolebukoneh.website", "http://technoshoper.com", "http://avolebukoneh.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000003.551516249.000000000203D000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
    00000000.00000003.504353962.00000000022B8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
      00000000.00000003.504254754.00000000022B8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
        00000004.00000003.504490008.0000000005818000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
          00000004.00000003.551179733.000000000559D000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
            Click to see the 59 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.2.regsvr32.exe.1250000.2.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
              5.2.rundll32.exe.27e0000.1.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                5.2.rundll32.exe.27e0000.1.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                  4.2.regsvr32.exe.1210000.1.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                    8.2.rundll32.exe.3460000.2.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                      Click to see the 19 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 4.2.regsvr32.exe.1250000.2.unpackMalware Configuration Extractor: Ursnif {"RSA Public Key": "v1wySnSj0/Qezkq1+zqVG7OQdnxYD8ELZYNPMCkM69BOSUxuoiK8V9jGPFM/rZ9NhfGzVodUM3YW0nB89rcH84RZYG8DLN6HQCkubhXRasaUA7K7h+3lZamvjyookCKgwBWzlu6vCX1eURNonlpROKDMQKBVqofzDshoxJHbAdjZcKqCfEt5vgt07jQB8OABEnd9fROXGjobZcsdaOkEjTvELBFteszn3jqJa1HvAPkpE5gs00qstYhkLp1L+MgFUoKXEL4WViIcGGNpbyyXZKBlebQs4TypEMrC0SUg0PsB7mmSQ4ESN3oL02+qpL14r8rTcWPMVTQH9/bLARbe3XOvj+AriFcBjSRm8ai2Vy0=", "c2_domain": ["microsoft.com/windowsdisabler", "https://technoshoper.com", "https://avolebukoneh.website", "http://technoshoper.com", "http://avolebukoneh.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}
                      Source: 0.2.loaddll32.exe.fc0000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                      Source: tebdXHvUhB.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 104.26.6.139:443 -> 192.168.2.3:49789 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.6.139:443 -> 192.168.2.3:49788 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 216.58.215.230:443 -> 192.168.2.3:49794 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 216.58.215.230:443 -> 192.168.2.3:49795 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.3:49796 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.3:49797 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49874 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49875 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49876 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49877 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49878 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49879 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49887 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49894 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49925 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49926 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49927 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49928 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49933 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49934 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:49937 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:49938 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50005 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50008 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50009 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50011 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50018 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50019 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50020 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50021 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50038 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50039 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50040 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50041 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50042 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50043 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50060 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50062 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50092 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50093 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50094 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50095 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50096 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50097 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 37.120.206.119:443 -> 192.168.2.3:50098 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 66.254.114.238:443 -> 192.168.2.3:50099 version: TLS 1.2
                      Source: tebdXHvUhB.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F2D65F6 FindFirstFileExW,0_2_6F2D65F6
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 4_2_6F2D65F6 FindFirstFileExW,4_2_6F2D65F6

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeDomain query: avolebukoneh.website
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 37.120.206.119 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 66.254.114.238 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.9.20.245 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeDomain query: technoshoper.com
                      Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.redtube.com
                      Source: Joe Sandbox ViewASN Name: M247GB M247GB
                      Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
                      Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                      Source: Joe Sandbox ViewIP Address: 104.26.3.70 104.26.3.70
                      Source: Joe Sandbox ViewIP Address: 66.254.114.238 66.254.114.238
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                      Source: de-ch[1].htm.10.drString found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.716359940.0000000005D31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: href="http://www.twitter.com/RedTube" equals www.twitter.com (Twitter)
                      Source: loaddll32.exe, 00000000.00000003.669614372.000000000149E000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.550886857.0000000005C31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: <a class="social-icon twitter" title="Twitter" href="http://www.twitter.com/RedTube" target="_blank" rel="nofollow"> equals www.twitter.com (Twitter)
                      Source: msapplication.xml0.7.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xea582ee7,0x01d7dfea</date><accdate>0xea6f6015,0x01d7dfea</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
                      Source: msapplication.xml5.7.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf0488977,0x01d7dfea</date><accdate>0xf05dff71,0x01d7dfea</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
                      Source: msapplication.xml7.7.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf0b1716b,0x01d7dfea</date><accdate>0xf0d07050,0x01d7dfea</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
                      Source: de-ch[1].htm.10.drString found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
                      Source: 52-478955-68ddb2ab[1].js.10.drString found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen|https://twitter.com/i/notifications;Ich|#;Abmelden|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
                      Source: de-ch[1].htm.10.drString found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"&nbsp;&nbsp;&nbsp;Ref 2: "+e.html(t.clientSettings.sid||"000000")+"&nbsp;&nbsp;&nbsp;Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console||{}).timeStamp?console.timeStamp(n):(r.performance||{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
                      Source: 52-478955-68ddb2ab[1].js.10.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
                      Source: 52-478955-68ddb2ab[1].js.10.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
                      Source: 52-478955-68ddb2ab[1].js.10.drString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://outlook.live.com/mail/deeplink/compose;Kalender|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.619074053.0000000005D7D000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://api.redtube.com/docs
                      Source: loaddll32.exe, 00000000.00000003.504353962.00000000022B8000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.504490008.0000000005818000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.523398489.0000000004EA8000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000002.886093164.00000000057D8000.00000004.00000040.sdmpString found in binary or memory: http://avolebukoneh.website
                      Source: loaddll32.exe, 00000000.00000003.504353962.00000000022B8000.00000004.00000040.sdmpString found in binary or memory: http://avolebukoneh.website/glik/.lwe.bmp088991256473
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.619074053.0000000005D7D000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://blog.redtube.com/
                      Source: loaddll32.exe, 00000000.00000003.597685862.000000000142E000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.567681872.0000000002CF1000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.619074053.0000000005D7D000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://feedback.redtube.com/
                      Source: de-ch[1].htm.10.drString found in binary or memory: http://ogp.me/ns#
                      Source: de-ch[1].htm.10.drString found in binary or memory: http://ogp.me/ns/fb#
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.619074053.0000000005D7D000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://press.redtube.com/
                      Source: loaddll32.exe, 00000000.00000003.669614372.000000000149E000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.550886857.0000000005C31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://schema.org
                      Source: {00CF8CC1-4BDE-11EC-90E9-ECF4BB862DED}.dat.7.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
                      Source: imagestore.dat.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                      Source: loaddll32.exe, 00000000.00000003.504353962.00000000022B8000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.504490008.0000000005818000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.523398489.0000000004EA8000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000002.886093164.00000000057D8000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com
                      Source: rundll32.exe, 00000005.00000002.827270745.0000000004EA8000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com&
                      Source: regsvr32.exe, 00000004.00000002.871477984.0000000005818000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com(w
                      Source: rundll32.exe, 00000008.00000002.887367571.00000000057DD000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com/glik/5HiC8DW_/2FJSMmNtdpmRVfLjsD11dcd/Wcm_2FMoPY/XneOHwy6LVEhOF6of/z_2FM5GPE
                      Source: regsvr32.exe, 00000004.00000002.872884416.000000000581D000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com/glik/V7lBsFo1STMwdH5fVe/qewwgdjaB/ufVHFKGl8_2FZvAcBb8n/SYGCr_2BsNg8nw_2F3k/4
                      Source: rundll32.exe, 00000005.00000002.827974106.0000000004EAD000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com/glik/qsLY49Id5Xsp_2B/TkKRnKJffqO_2BYdL6/ZKJfofMBL/96gPbIokzIqPjXh17WGQ/u1U2o
                      Source: msapplication.xml.7.drString found in binary or memory: http://www.amazon.com/
                      Source: msapplication.xml1.7.drString found in binary or memory: http://www.google.com/
                      Source: 52-478955-68ddb2ab[1].js.10.drString found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
                      Source: msapplication.xml2.7.drString found in binary or memory: http://www.live.com/
                      Source: msapplication.xml3.7.drString found in binary or memory: http://www.nytimes.com/
                      Source: msapplication.xml4.7.drString found in binary or memory: http://www.reddit.com/
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.716359940.0000000005D31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://www.redtubepremium.com/premium_signup?type=RemAds-ftr
                      Source: loaddll32.exe, 00000000.00000003.669614372.000000000149E000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.550886857.0000000005C31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://www.redtubepremium.com/premium_signup?type=RemAds-topRtSq
                      Source: msapplication.xml5.7.drString found in binary or memory: http://www.twitter.com/
                      Source: rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: http://www.twitter.com/RedTube
                      Source: msapplication.xml6.7.drString found in binary or memory: http://www.wikipedia.com/
                      Source: msapplication.xml7.7.drString found in binary or memory: http://www.youtube.com/
                      Source: rundll32.exe, 00000005.00000003.637200272.0000000002D1B000.00000004.00000001.sdmpString found in binary or memory: http://z.axp9.net/_x/
                      Source: loaddll32.exe, 00000000.00000003.669614372.000000000149E000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.550886857.0000000005C31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: https://ads.trafficjunky.net/ads?zone_id=2254621&amp;redirect=1&amp;format=popunder
                      Source: loaddll32.exe, 00000000.00000003.504743647.0000000001496000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.756313919.0000000002D3B000.00000004.00000001.sdmpString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
                      Source: loaddll32.exe, 00000000.00000003.504667160.000000000148E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.622971085.000000000149E000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.545292149.0000000002D1E000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.567755338.0000000002D1E000.00000004.00000001.sdmpString found in binary or memory: https://aka.ms/MicrosoftEdgeDownload&quot;
                      Source: de-ch[1].htm.10.drString found in binary or memory: https://amzn.to/2TTxhNg
                      Source: de-ch[1].htm.10.drString found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&amp;ct=prime_footer&amp;mt=8
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.10.drString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36
                      Source: rundll32.exe, 00000005.00000003.800243205.0000000002CB4000.00000004.00000001.sdmpString found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
                      Source: rundll32.exe, 00000005.00000003.567655374.0000000002CD5000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.545215580.0000000002CD5000.00000004.00000001.sdmpString found in binary or memory: https://assets.onestore.ms/cdnfiles/onestorerolling-1605-16000/shell/common/respond-proxy.html
                      Source: loaddll32.exe, 00000000.00000003.504353962.00000000022B8000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.504490008.0000000005818000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.523398489.0000000004EA8000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000002.886093164.00000000057D8000.00000004.00000040.sdmpString found in binary or memory: https://avolebukoneh.website
                      Source: loaddll32.exe, 00000000.00000002.815540344.00000000014AD000.00000004.00000020.sdmp, rundll32.exe, 00000005.00000003.591265201.0000000002CD5000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000002.816358930.0000000002D33000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website/
                      Source: loaddll32.exe, 00000000.00000003.670162078.0000000001440000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/0)2
                      Source: loaddll32.exe, 00000000.00000003.737539129.0000000001440000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/0)G
                      Source: rundll32.exe, 00000005.00000002.816272418.0000000002CD5000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website/4
                      Source: rundll32.exe, 00000005.00000002.816358930.0000000002D33000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website/?
                      Source: loaddll32.exe, 00000000.00000003.597685862.000000000142E000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/H
                      Source: loaddll32.exe, 00000000.00000003.597685862.000000000142E000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/b
                      Source: loaddll32.exe, 00000000.00000003.669866211.0000000001422000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/e
                      Source: rundll32.exe, 00000005.00000003.748070750.0000000002CB4000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/HplGqLVqV1Nvdy9C0WQk/id1ZsF1keNeJEjdAEUH/B31v1drpLRba81Z5fvO_2B/6X
                      Source: rundll32.exe, 00000005.00000002.815064261.0000000002C9B000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website/glik/jVe5_2FlPvH_/2BRDEjLo_2F/609jr81fTX_2FD/PNgsj5bEiZNy9aekCMww8/9cSO
                      Source: loaddll32.exe, 00000000.00000002.814650593.000000000142E000.00000004.00000020.sdmp, rundll32.exe, 00000005.00000003.748093753.0000000002CD5000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/l
                      Source: rundll32.exe, 00000005.00000002.816272418.0000000002CD5000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website/n
                      Source: loaddll32.exe, 00000000.00000002.813368613.00000000013CB000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website:443
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.10.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.10.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.623126155.0000000005421000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.747972477.00000000053E1000.00000004.00000040.sdmpString found in binary or memory: https://cdn1-smallimg.phncdn.com/50d75407e5758e6ertk1735e21215f08bb6d/rta-1.gif
                      Source: rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.676677405.0000000005F31000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.747972477.00000000053E1000.00000004.00000040.sdmpString found in binary or memory: https://cdn1-smallimg.phncdn.com/50d75407e5758e6ertk2735e21215f08bb6d/rta-2.gif
                      Source: rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: https://cdn1d-static-shared.phncdn.com/
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.623126155.0000000005421000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.747972477.00000000053E1000.00000004.00000040.sdmpString found in binary or memory: https://cdn1d-static-shared.phncdn.com/head/load-1.0.3.js
                      Source: loaddll32.exe, 00000000.00000003.669614372.000000000149E000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.550886857.0000000005C31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: https://cdn1d-static-shared.phncdn.com/ie-banner-1.0.0.js
                      Source: rundll32.exe, 00000008.00000003.604143132.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: https://cdn1d-static-shared.phncdn.com/jquery-1.10.2.js
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.623126155.0000000005421000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.747972477.00000000053E1000.00000004.00000040.sdmpString found in binary or memory: https://cdn1d-static-shared.phncdn.com/jquery/jquery.cookie-1.4.0.js
                      Source: loaddll32.exe, 00000000.00000003.551450153.0000000001FBE000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.623126155.0000000005421000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.747972477.00000000053E1000.00000004.00000040.sdmpString found in binary or memory: https://cdn1d-static-shared.phncdn.com/timings-1.0.0.js
                      Source: rundll32.exe, 00000005.00000003.800349462.0000000002D1E000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.545308662.0000000002C9F000.00000004.00000001.sdmpString found in binary or memory: https://channel9.msdn.com/
                      Source: rundll32.exe, 00000005.00000003.615340119.00000000055E1000.00000004.00000001.sdmpString found in binary or memory: https://ci-ph.rdtcdn.co
                      Source: loaddll32.exe, 00000000.00000003.622877794.0000000001EC1000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.667221666.0000000005D01000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB1000.00000004.00000040.sdmp, rundll32.exe, 00000008.00000003.676677405.0000000005F31000.00000004.00000001.sdmpString found in binary or memory: https://ci-ph.rdtcdn.com/m=bIWpYLVg5p/pics/pornstars/000/001/944/thumb_46251.webp
                      Source: regsvr32.exe, 00000004.00000003.596822323.0000000005C31000.00000004.00000001.sdmpString found in binary or memory: https://ci-ph.rdtcdn.com/m=bIWpYLVg5p/pics/pornstars/000/003/670/t
                      Source: loaddll32.exe, 00000000.00000003.622877794.0000000001EC1000.00000004.00000040.sdmp, regsvr32.exe, 00000004.00000003.716359940.0000000005D31000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000003.639702979.0000000004AB100