http://www.cyrilgraze.com/p2io/?WZ=ytsDIrP&ibxHRhGx=PONkgH6OT+IdHpvpbj4YyU3gBn/U0y1OFS1Y8BXnr3YdY2x3tUozsMLieTk0sG+frQWfUBsy - rule_id: 1567
http://www.cyrilgraze.com/p2io/ - rule_id: 1567
http://www.micheldrake.com/p2io/ - rule_id: 1550
http://www.micheldrake.com/p2io/?WZ=ytsDIrP&ibxHRhGx=d2NgnqRQHDqC8zfUpSeXKrGILlrAeXd0mpzt/HUKTHCMsqjNpHqiPqxZu8ECgv8Wi9ydyjUw - rule_id: 1550
http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2?cup2key=10:2052101556&cup2hreq=876c248ec5ef25e72ce37cb3d31e61f13291d289045ee395f5c45bb4a691de2a
https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201

edgedl.me.gvt1.com(34.104.35.123)
www.buylocalclub.info() - mailcious
www.micheldrake.com(192.0.78.25)
www.zgcbw.net() - mailcious
www.cyrilgraze.com(172.67.138.177)
www.m678.xyz()
142.250.66.110
142.250.66.131
34.104.35.123
192.0.78.25 - mailcious
104.21.65.7

ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE FormBook CnC Checkin (GET)
ET INFO EXE - Served Attached HTTP
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

http://www.cyrilgraze.com/p2io/
http://www.cyrilgraze.com/p2io/
http://www.micheldrake.com/p2io/
http://www.micheldrake.com/p2io/

http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f