spamreports

emotet gobabynames.com/dz6r/xytx7/

Dec 19th, 2019
  1. emotet
  2.  
  3. http://gobabynames.com/dz6r/xytx7/
  4. windows10_x64
  5.  
  6. http://gobabynames.com/dz6r/xytx7/
  7.  
  8. 10
  18. BACKEND
  19. horse2
  20.  
  21. MAX TIME KERNEL
  22. 103s
  23.  
  24. REPORTED
  25. 2019-12-19T10:34:21Z
  26.  
  27. RESOURCE
  28. win10v191014
  29.  
  30. SCORE
  31. 10
  32.  
  33. SUBMITTED
  34. 2019-12-19T10:31:45Z
  35.  
  36. TAGS
  37. trojan,banker,family:emotet
  38.  
  39. TTP
  40. T1112
  41.  
  42. Target
  43. http://gobabynames.com/dz6r/xytx7/
  44.  
  45. Filesize
  46. N/A
  47.  
  48. Completed
  49. 2019-12-19 12:34
  50.  
  51. Score
  52. 10/10
  54. MD5
  55. N/A
  56.  
  57. SHA1
  58. N/A
  59.  
  60. SHA256
  61. N/A
  62.  
  63. emotet trojan banker
  64. Extracted
  65. Family
  66. emotet
  67. rsa_pubkey.plain
  68. -----BEGIN PUBLIC KEY-----
  69. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKl4M80uy0jcxUiFIaJJyxgHVVnFtCq6
  70. bi6f2xXPh/XUZNyN8UXDe5HzhTc4kwon9MBZffNwFOIc61QfV3K3YzEI/ktcyNqK
  71. LS67ONxsVep769QdiVQJXrIaFjMXKz6viwIDAQAB
  72. -----END PUBLIC KEY-----
  73. C2
  455. Defense Evasion
  456. Emotet
  457. Executes dropped EXE
  458. vaxEDfiRvzxlNwu.exe
  459. vaxEDfiRvzxlNwu.exe
  460. mailboxmethods.exe
  461. mailboxmethods.exe
  462. Drops file in System32 directory
  463. mailboxmethods.exe
  464. vaxEDfiRvzxlNwu.exe
  465. Reported IOC
  466. vaxEDfiRvzxlNwu.exe
  467. C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\89TS8EPW\vaxEDfiRvzxlNwu.exe => C:\Windows\SysWOW64\mailboxmethods.exe File renamed
  468. Reported IOC
  469. mailboxmethods.exe
  470. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 File opened for modification
  471. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat File opened for modification
  472. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 File opened for modification
  473. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE File opened for modification
  474. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies File opened for modification
  475. Suspicious use of WriteProcessMemory
  476. iexplore.exe
  477. vaxEDfiRvzxlNwu.exe
  478. mailboxmethods.exe
  479. Reported IOC
  480. iexplore.exe
  481. PID 4948 wrote to memory of 4996
  482. PID 4948 wrote to memory of 4068
  483. Reported IOC
  484. vaxEDfiRvzxlNwu.exe
  485. PID 4068 wrote to memory of 4492
  486. Reported IOC
  487. mailboxmethods.exe
  488. PID 4624 wrote to memory of 4704
  489. Suspicious use of SetWindowsHookEx
  490. iexplore.exe
  491. IEXPLORE.EXE
  492. vaxEDfiRvzxlNwu.exe
  493. vaxEDfiRvzxlNwu.exe
  494. mailboxmethods.exe
  495. mailboxmethods.exe
  496. Suspicious behavior: EnumeratesProcesses
  497. mailboxmethods.exe
  498. Suspicious use of FindShellTrayWindow
  499. iexplore.exe
  500. Suspicious behavior: EmotetMutantsSpam
  501. vaxEDfiRvzxlNwu.exe
  502. mailboxmethods.exe
  503. Modifies Internet Explorer settings
  504. Matched TTPs
  505. Modify Registry
  506. Reported IOC
  507. Process #undefined
  508. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25043D89-2253-11EA-BD7F-CAA4BA82F157} = "0" Set value (int)
  509. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" Set value (str)
  510. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 4c6bfe76f785d501 Set value (data)
  511. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01dbe0160b6d501 Set value (data)
  512. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa00000000020000000000106600000001000020000000f0d40bd87a97a0c9faf222b56fa9c72360e8e410f5e21d4c496c6cbed0bd2d7c000000000e8000000002000020000000b1c372f13dab39b91220958b2149f4e982d45b789f1d7139ca98a607fccac02820000000533558faba88da67bf0876271abbbd28048b533302a2f33d52e6e401b8a72e9e40000000ee8f15b853c16c3e3dfeb137dd44c9fb582d22da2ae290295643b3f902f78e61076e15e8cdb331a3fcf01a9a1d12a19e6087c1262a92bd197b28de490d76fe01 Set value (data)
  513. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" Set value (str)
  514. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" Set value (int)
  515. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\RepId\PublicId = "{EF1DBFAF-A3D5-4319-9E9E-C4D6753301E5}" Set value (str)
  516. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4193585660" Set value (int)
  517. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4268725600" Set value (int)
  518. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" Set value (int)
  519. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905cd80160b6d501 Set value (data)
  520. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" Set value (int)
  521. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30783071" Set value (int)
  522. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30783071" Set value (int)
  523. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa0000000002000000000010660000000100002000000022f596f0940a482a5e58365d2c7a86ef44fb995278b8deb84cfee162cf0748a7000000000e8000000002000020000000adf69fe3983063f147fc7cb37cbad3640404fea2b8641ccb47bd871a39b64de220000000c514b9d62906971dbf90cdfd96bb66eb06d7e61ace2460929fb9e7e9c015cdfc400000007ee6ae547e3f0592329260ce4b0400d20e6e09bc63d3160b219542aec2e587387342fea4cc4bd84a84cd409181f8cce00297fbcec94cb4e21dcb3d1d8f9e51f5 Set value (data)
  524. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" Set value (int)
  525. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 Set value (data)
  526. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" Set value (int)
  527. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" Set value (int)
  528. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4193585660" Set value (int)
  529. \REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000 Set value (data)
  530. C:\Program Files\Internet Explorer\iexplore.exe
  531. "C:\Program Files\Internet Explorer\iexplore.exe" http://gobabynames.com/dz6r/xytx7/
  532. Suspicious use of WriteProcessMemory; Suspicious use of SetWindowsHookEx; Suspicious use of FindShellTrayWindow
  533. PID: 4948
  534. C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\89TS8EPW\vaxEDfiRvzxlNwu.exe
  535. "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\89TS8EPW\vaxEDfiRvzxlNwu.exe"
  536. Suspicious use of WriteProcessMemory; Suspicious use of SetWindowsHookEx; Executes dropped EXE
  537. PID: 4068
  538. C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\89TS8EPW\vaxEDfiRvzxlNwu.exe
  539. --de8bb2f0
  540. Suspicious use of SetWindowsHookEx; Executes dropped EXE; Suspicious behavior: EmotetMutantsSpam
  541. PID: 4492
  542. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  543. "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4948 CREDAT:82945 /prefetch:2
  544. Suspicious use of SetWindowsHookEx
  545. PID: 4996
  546. C:\Windows\SysWOW64\mailboxmethods.exe
  547. "C:\Windows\SysWOW64\mailboxmethods.exe"
  548. Suspicious use of WriteProcessMemory; Suspicious use of SetWindowsHookEx; Executes dropped EXE
  549. PID: 4624
  550. C:\Windows\SysWOW64\mailboxmethods.exe
  551. --43cbf7f0
  552. Suspicious use of SetWindowsHookEx; Executes dropped EXE; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: EmotetMutantsSpam
  553. PID: 4704
  554. GET
  555. 200
  556. 104.238.220.186:80
  557. http://gobabynames.com/dz6r/xytx7/
  558. IEXPLORE.EXE
  559. 104.238.220.186:80
  560. gobabynames.com
  561. IEXPLORE.EXE
  562. 72.21.81.200:443
  563. iecvlist.microsoft.com
  564. iexplore.exe
  565. 8.248.109.254:80
  566. ctldl.windowsupdate.com
  567. iexplore.exe
  568. 93.184.220.29:80
  569. ocsp.digicert.com
  570. iexplore.exe
  571. 72.21.81.200:443
  572. iecvlist.microsoft.com
  573. 52.109.32.27:443
  574. officeclient.microsoft.com
  575. 52.109.124.21:443
  576. nexus.officeapps.live.com
  577. 1.215.28.101:8080
  578. mailboxmethods.exe
  579. 52.109.12.18:443
  580. nexusrules.officeapps.live.com
  581. 127.0.0.1:47001
  582. HEAD
  583. 200
  584. 104.81.140.70:443
  585. https://fs.microsoft.com/fs/windows/fontset-2017-04.json
  586. 8.248.109.254:80
  587. ctldl.windowsupdate.com
  588. 104.81.140.70:443
  589. fs.microsoft.com
  590. 104.81.140.70:443
  591. fs.microsoft.com
  592. 104.81.140.70:443
  593. fs.microsoft.com