Loading ...

Play interactive tourEdit tour

Windows Analysis Report WTXuYxax6d.dll

Overview

General Information

Sample Name:WTXuYxax6d.dll
Analysis ID:527046
MD5:cbe2a109ef92af54de51a534980151a7
SHA1:e71ab85a35df851229f87fde059ad35ed167bdbc
SHA256:450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
Tags:dllgeoGoziISFBITAursnif
Infos:

Most interesting Screenshot:

Detection

Ursnif
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for domain / URL
Writes or reads registry keys via WMI
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Tries to load missing DLLs
Contains functionality to read the PEB
Registers a DLL
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6980 cmdline: loaddll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6992 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 7012 cmdline: rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 7000 cmdline: regsvr32.exe /s C:\Users\user\Desktop\WTXuYxax6d.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 7020 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 7104 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7020 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 7052 cmdline: rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3684 cmdline: rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,azfdnkcrayghb MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6164 cmdline: rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,bngggbakts MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "v1wySnSj0/Qezkq1+zqVG7OQdnxYD8ELZYNPMCkM69BOSUxuoiK8V9jGPFM/rZ9NhfGzVodUM3YW0nB89rcH84RZYG8DLN6HQCkubhXRasaUA7K7h+3lZamvjyookCKgwBWzlu6vCX1eURNonlpROKDMQKBVqofzDshoxJHbAdjZcKqCfEt5vgt07jQB8OABEnd9fROXGjobZcsdaOkEjTvELBFteszn3jqJa1HvAPkpE5gs00qstYhkLp1L+MgFUoKXEL4WViIcGGNpbyyXZKBlebQs4TypEMrC0SUg0PsB7mmSQ4ESN3oL02+qpL14r8rTcWPMVTQH9/bLARbe3XOvj+AriFcBjSRm8ai2Vy0=", "c2_domain": ["microsoft.com/windowsdisabler", "https://technoshoper.com", "https://avolebukoneh.website", "http://technoshoper.com", "http://avolebukoneh.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.620315557.00000000053B8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
    00000005.00000002.883888908.0000000004D49000.00000004.00000040.sdmpJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
      00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
        00000005.00000003.613835753.00000000052F8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
          00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
            Click to see the 67 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.2.rundll32.exe.2b80000.2.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
              0.2.loaddll32.exe.920000.2.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                3.2.rundll32.exe.a60000.2.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                  0.2.loaddll32.exe.a80000.3.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                    2.2.regsvr32.exe.4ea94a0.4.raw.unpackJoeSecurity_Ursnif_1Yara detected UrsnifJoe Security
                      Click to see the 23 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 3.2.rundll32.exe.a60000.2.unpackMalware Configuration Extractor: Ursnif {"RSA Public Key": "v1wySnSj0/Qezkq1+zqVG7OQdnxYD8ELZYNPMCkM69BOSUxuoiK8V9jGPFM/rZ9NhfGzVodUM3YW0nB89rcH84RZYG8DLN6HQCkubhXRasaUA7K7h+3lZamvjyookCKgwBWzlu6vCX1eURNonlpROKDMQKBVqofzDshoxJHbAdjZcKqCfEt5vgt07jQB8OABEnd9fROXGjobZcsdaOkEjTvELBFteszn3jqJa1HvAPkpE5gs00qstYhkLp1L+MgFUoKXEL4WViIcGGNpbyyXZKBlebQs4TypEMrC0SUg0PsB7mmSQ4ESN3oL02+qpL14r8rTcWPMVTQH9/bLARbe3XOvj+AriFcBjSRm8ai2Vy0=", "c2_domain": ["microsoft.com/windowsdisabler", "https://technoshoper.com", "https://avolebukoneh.website", "http://technoshoper.com", "http://avolebukoneh.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: WTXuYxax6d.dllVirustotal: Detection: 18%Perma Link
                      Source: WTXuYxax6d.dllReversingLabs: Detection: 25%
                      Multi AV Scanner detection for domain / URLShow sources
                      Source: technoshoper.comVirustotal: Detection: 6%Perma Link
                      Source: avolebukoneh.websiteVirustotal: Detection: 6%Perma Link
                      Source: http://avolebukoneh.websiteVirustotal: Detection: 6%Perma Link
                      Source: 3.2.rundll32.exe.a60000.2.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                      Source: 2.2.regsvr32.exe.9f0000.2.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                      Source: 0.2.loaddll32.exe.920000.2.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D6AD0 CryptDecrypt,CryptImportKey,VirtualAlloc,0_2_736D6AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D61F0 DllRegisterServer,VirtualAlloc,VirtualAlloc,CryptSetKeyParam,CryptAcquireContextA,CryptImportKey,CryptDecrypt,CryptReleaseContext,CryptDestroyKey,CryptImportKey,CryptDecrypt,VirtualAlloc,VirtualAlloc,0_2_736D61F0
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D6AD0 CryptDecrypt,CryptImportKey,VirtualAlloc,2_2_736D6AD0
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D61F0 DllRegisterServer,VirtualAlloc,VirtualAlloc,CryptSetKeyParam,CryptAcquireContextA,CryptImportKey,CryptDecrypt,CryptReleaseContext,CryptDestroyKey,CryptImportKey,CryptDecrypt,VirtualAlloc,VirtualAlloc,2_2_736D61F0
                      Source: WTXuYxax6d.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.6:49823 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.6:49821 version: TLS 1.2
                      Source: WTXuYxax6d.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736DA676 FindFirstFileExW,0_2_736DA676
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736DA676 FindFirstFileExW,2_2_736DA676

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\regsvr32.exeDomain query: avolebukoneh.website
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.9.20.245 187Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeDomain query: technoshoper.com
                      Source: Joe Sandbox ViewASN Name: DEDIPATH-LLCUS DEDIPATH-LLCUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
                      Source: Joe Sandbox ViewIP Address: 104.26.7.139 104.26.7.139
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                      Source: de-ch[1].htm.6.drString found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
                      Source: msapplication.xml0.4.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5b7697ab,0x01d7e09b</date><accdate>0x5bc2e279,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
                      Source: msapplication.xml5.4.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5cea86ad,0x01d7e09b</date><accdate>0x5d098694,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
                      Source: msapplication.xml7.4.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5d6da6d7,0x01d7e09b</date><accdate>0x5d8ca4fa,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
                      Source: de-ch[1].htm.6.drString found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen|https://twitter.com/i/notifications;Ich|#;Abmelden|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
                      Source: de-ch[1].htm.6.drString found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"&nbsp;&nbsp;&nbsp;Ref 2: "+e.html(t.clientSettings.sid||"000000")+"&nbsp;&nbsp;&nbsp;Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console||{}).timeStamp?console.timeStamp(n):(r.performance||{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://outlook.live.com/mail/deeplink/compose;Kalender|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)
                      Source: rundll32.exe, 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmpString found in binary or memory: http://avolebukoneh.website
                      Source: rundll32.exe, 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmpString found in binary or memory: http://avolebukoneh.website/glik/.lwe.bmp08899
                      Source: regsvr32.exe, 00000002.00000003.620315557.00000000053B8000.00000004.00000040.sdmpString found in binary or memory: http://avolebukoneh.website/glik/.lwe.bmp088991256473871MNTYAIDA1010010B
                      Source: regsvr32.exe, 00000002.00000002.880576445.0000000002F97000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns#
                      Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns/fb#
                      Source: loaddll32.exe, 00000000.00000002.880735294.00000000016F0000.00000004.00000040.sdmp, regsvr32.exe, 00000002.00000003.756172604.0000000002F70000.00000004.00000001.sdmpString found in binary or memory: http://schemas.mic
                      Source: {5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
                      Source: imagestore.dat.6.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                      Source: rundll32.exe, 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmpString found in binary or memory: http://technoshoper.com
                      Source: msapplication.xml.4.drString found in binary or memory: http://www.amazon.com/
                      Source: msapplication.xml1.4.drString found in binary or memory: http://www.google.com/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
                      Source: msapplication.xml2.4.drString found in binary or memory: http://www.live.com/
                      Source: msapplication.xml3.4.drString found in binary or memory: http://www.nytimes.com/
                      Source: msapplication.xml4.4.drString found in binary or memory: http://www.reddit.com/
                      Source: msapplication.xml5.4.drString found in binary or memory: http://www.twitter.com/
                      Source: msapplication.xml6.4.drString found in binary or memory: http://www.wikipedia.com/
                      Source: msapplication.xml7.4.drString found in binary or memory: http://www.youtube.com/
                      Source: rundll32.exe, 00000003.00000002.884652837.00000000054F0000.00000004.00000001.sdmpString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
                      Source: regsvr32.exe, 00000002.00000003.734351733.0000000003000000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.726519233.00000000054F1000.00000004.00000001.sdmpString found in binary or memory: https://aka.ms/MicrosoftEdgeDownload&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://amzn.to/2TTxhNg
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&amp;ct=prime_footer&amp;mt=8
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36
                      Source: regsvr32.exe, 00000002.00000003.734498309.0000000004FC1000.00000004.00000040.sdmpString found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
                      Source: rundll32.exe, 00000005.00000003.726877023.0000000005896000.00000004.00000001.sdmpString found in binary or memory: https://assets.onestore.ms/cdnfiles/onestorerolling-1605-16000/shell/common/respond-proxy.html
                      Source: rundll32.exe, 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmpString found in binary or memory: https://avolebukoneh.website
                      Source: regsvr32.exe, 00000002.00000002.880576445.0000000002F97000.00000004.00000020.sdmpString found in binary or memory: https://avolebukoneh.website/
                      Source: regsvr32.exe, 00000002.00000003.845351193.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/e
                      Source: regsvr32.exe, 00000002.00000003.800848610.0000000002F76000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/KwktcAgJA3haqk0/Ms0fL0B4XccTTFIyK9/usG_2BHjp/uyERKVkE6Su_2Fw3uS2y/
                      Source: regsvr32.exe, 00000002.00000003.845331673.0000000002F70000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/kUbizXMZCF/wcseO9tQzGMWY7_2B/Eo6XsQr55EXJ/TJZ97_2F328/3bdZBpl1pP_2
                      Source: regsvr32.exe, 00000002.00000003.686079514.0000000002F76000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/oPO1MTCZATyGVB9JDx/_2BxLrMZv/XGH5EgNCAONySOCpr4U_/2F_2FSC6yLxw_2BR
                      Source: regsvr32.exe, 00000002.00000003.823530558.0000000002F70000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/pAGZhq9MI53nZ7
                      Source: regsvr32.exe, 00000002.00000003.756172604.0000000002F70000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/pAGZhq9MI53nZ7OH/rIg4LX9fBTj6p
                      Source: regsvr32.exe, 00000002.00000003.731474179.0000000002F70000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000003.731155022.0000000002F76000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/glik/pAGZhq9MI53nZ7OH/rIg4LX9fBTj6pjl/8TeMZNhc43A_2FVYsQ/YCg3QZ_2F/BXKX
                      Source: regsvr32.exe, 00000002.00000003.845351193.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/l
                      Source: regsvr32.exe, 00000002.00000003.845351193.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://avolebukoneh.website/lI
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_office&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_store&amp;m
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_promotionalstripe_na
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://client-s.gateway.messenger.live.com
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=195119&amp;a=3064090&amp;g=25021476
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=24545562
                      Source: {5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;http
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=858412214&amp;size=306x271&amp;http
                      Source: {5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
                      Source: {5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://doceree.com/.well-known/deviceStorage.json
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://doceree.com/us-privacy-policy/
                      Source: rundll32.exe, 00000005.00000003.726877023.0000000005896000.00000004.00000001.sdmpString found in binary or memory: https://docs.microsoft.co
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://evorra.com/product-privacy-policy/
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                      Source: rundll32.exe, 00000003.00000003.726519233.00000000054F1000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4xdax&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;checkda=1&amp;ct=1637661098&amp;rver
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1637661098&amp;rver=7.0.6730.0&am
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/logout.srf?ct=1637661099&amp;rver=7.0.6730.0&amp;lc=1033&amp;id=1184&amp;lru=
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1637661098&amp;rver=7.0.6730.0&amp;w
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&amp;market=de-ch&quot;
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://nextmillennium.io/privacy-policy/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/#qt=mru
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/about/en/download/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;Fotos
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;OneDrive-App
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://optimise-it.de/datenschutz
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://outlook.com/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/calendar
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&amp;hl=de-ch&amp;refer
                      Source: {5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://secure.adnxs.com/clktrb?id=764680&amp;t=1
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://silvermob.com/privacy
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://smartyads.com/privacy-policy
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-me
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-shoppingstripe-nav
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=travelnavlink
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/de-ch/homepage/api/modules/cdnfetch&quot;
                      Source: imagestore.dat.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAQXqYx.img?h=368&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1aXBV1.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&amp;w
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&amp;w
                      Source: rundll32.exe, 00000003.00000002.884652837.00000000054F0000.00000004.00000001.sdmpString found in binary or memory: https://statics-marketingsites-eus-ms-com.akamaized.net/statics/override.css
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://support.skype.com
                      Source: loaddll32.exe, 00000000.00000002.880807454.0000000001AE8000.00000004.00000040.sdmp, regsvr32.exe, 00000002.00000003.620315557.00000000053B8000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmpString found in binary or memory: https://technoshoper.com
                      Source: regsvr32.exe, 00000002.00000002.880576445.0000000002F97000.00000004.00000020.sdmpString found in binary or memory: https://technoshoper.com/
                      Source: regsvr32.exe, 00000002.00000003.823390201.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/H
                      Source: regsvr32.exe, 00000002.00000003.708524872.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/Y
                      Source: regsvr32.exe, 00000002.00000002.880512445.0000000002F70000.00000004.00000020.sdmpString found in binary or memory: https://technoshoper.com/glik/DGgts_2FWsor6_2F7EcO1Do/0g4WUbLA1T/K9_2Bu0NIeWan9Hma/XZBvL_2BDNj7/jAap
                      Source: regsvr32.exe, 00000002.00000003.778713654.0000000002F76000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/glik/OQ_2FSYw86Sxjr/PESASP_2FSM3YGvvX26Dq/ljvCWkBfAIxpXwGa/HkN5fLu170jCgxh/
                      Source: regsvr32.exe, 00000002.00000003.708500123.0000000002F76000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/glik/lsOg58W5F/6ZKRcoE0Nf7NwQdc4and/0Ilh3sQ5ND8zcWVsYpl/LRv_2FK7ZV_2F34vpiC
                      Source: regsvr32.exe, 00000002.00000003.664286279.0000000002F73000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/glik/qu_2BrFb5C/WnN6ktioLVJSC7NZ8/8U42mL0TVXds/GucNTaVpvRD/cGAaQnoHqkvTq7/u
                      Source: regsvr32.exe, 00000002.00000003.845351193.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/glik/rHKCmFtHVZPPm/wqY5wPH_/2F29vTv7wl_2FGq_2BrLvy6/oSB1MCzJ6Y/1nsQKibmjik_
                      Source: regsvr32.exe, 00000002.00000003.778604990.0000000002F97000.00000004.00000001.sdmpString found in binary or memory: https://technoshoper.com/k
                      Source: loaddll32.exe, 00000000.00000002.880807454.0000000001AE8000.00000004.00000040.sdmp, regsvr32.exe, 00000002.00000003.620315557.00000000053B8000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp, rundll32.exe, 00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmpString found in binary or memory: https://technoshoper.comhttps://avolebukoneh.websitehttp://technoshoper.comhttp://avolebukoneh.websi
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://twitter.com/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://twitter.com/i/notifications;Ich
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&amp;ver=%272.1%27&amp;a
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://www.bidstack.com/privacy-policy/
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://www.botman.ninja/privacy-policy
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ebay.ch/?mkcid=1&amp;mkrid=5222-53480-19255-0&amp;siteid=193&amp;campid=5338626668&amp;t
                      Source: imagestore.dat.6.drString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/
                      Source: {5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&amp;item=deferred_page%3a1&amp;ignorejs=webcore%2fmodules%2fjsb
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/modules/fetch&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/%c3%b6ffentliche-terrassen-und-mehr-velowege-dar%c3%bcber-stimm
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/brand-an-der-langstrasse/ar-AAQXL4f?ocid=hplocalnews
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/defektes-paket-mit-radioaktivem-inhalt-in-swiss-flieger-entdeck
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/die-stadt-will-neue-velostationen-und-f%c3%bchrt-vierstunden-pa
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/er-schrie-g%c3%b6nd-weg-verpisst-euch-dann-gab-er-gas/ar-AAR0rV
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/kann-bei-diesem-tempo-und-so-vielen-passagieren-nicht-einfach-b
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/t%c3%b6fffahrer-liefert-sich-wilde-verfolgungsjagd-mit-der-poli
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/t%c3%b6fffahrer-st%c3%bcrzt-nach-verfolgungsjagd-mit-der-polize
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/whistleblower-verliert-vor-gericht-gegen-z%c3%bcrcher-unispital
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport/other/runter-rauf-runter-wie-gc-in-genf-vom-weg-abkommt/ar-AAQYdQe?o
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport?ocid=StripeOCID
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
                      Source: de-ch[1].htm.6.dr<