Commit 9731c2d

wikijm github-actions[bot]
authored and committed
Apply automatic changes
1 parent d685515 commit 9731c2d

21 files changed, +21 -21 lines changed

S1PQ-rules-windows-dns_query/dns_query_win_anonymfiles_com.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and event.dns.request contains ".anonfiles.com")
44
```
55
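Review bot: Line 2 should not be rewritten when the query on line 3 is unchanged. Here only the generation time moves (25-01-2026 02:31:51 to 26-01-2026 02:30:45), and the commit summary of 21 files at +21/-21 is consistent with the same one-line rewrite in every file, which buries real rule changes in the history. Suggest writing the file only when the translated query differs, or keeping the generation time out of the rule file. If the stamp stays, an ISO 8601 date with a time zone would remove the day/month ambiguity.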

S1PQ-rules-windows-dns_query/dns_query_win_appinstaller.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (src.process.image.path contains "C:\\Program Files\\WindowsApps\\Microsoft.DesktopAppInstaller_" and src.process.image.path contains "\\AppInstaller.exe"))
44
```
55

S1PQ-rules-windows-dns_query/dns_query_win_cloudflared_communication.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (event.dns.request contains ".v2.argotunnel.com" or event.dns.request contains "protocol-v2.argotunnel.com" or event.dns.request contains "trycloudflare.com" or event.dns.request contains "update.argotunnel.com"))
44
```
55
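Review bot: The domain literals on line 3 are matched with unanchored `contains` and inconsistent leading dots. ".v2.argotunnel.com" is dot-prefixed, but "protocol-v2.argotunnel.com", "trycloudflare.com" and "update.argotunnel.com" are not, so any queried name that merely embeds one of those strings (as the tail of a longer label, or followed by another suffix) also matches. Suggest dot-prefixing or anchoring the suffixes consistently and stating in a comment which form is intended.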

S1PQ-rules-windows-dns_query/dns_query_win_common_malware_hosting_services.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (event.dns.request contains "msapp.workers.dev" or event.dns.request contains "trycloudflare.com" or event.dns.request contains "infinityfreeapp.com" or event.dns.request contains "my5353.com" or event.dns.request contains "reurl.cc" or event.dns.request contains "lihi.cc" or event.dns.request contains "tinyurl.com"))
44
```
55
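Review bot: Line 3 has no source-process condition, although it lists general-purpose services such as "tinyurl.com" and "reurl.cc" that ordinary browsing can resolve; dns_query_win_domain_azurewebsites.md in this same commit excludes browser image paths for its domain. "trycloudflare.com" also repeats a literal from dns_query_win_cloudflared_communication.md, so a single lookup produces hits in both rules. Suggest either adding a browser exclusion here or documenting the expected volume, and deciding which rule owns trycloudflare.com.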

S1PQ-rules-windows-dns_query/dns_query_win_devtunnels_communication.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and event.dns.request contains ".devtunnels.ms")
44
```
55

S1PQ-rules-windows-dns_query/dns_query_win_dns_server_discovery_via_ldap_query.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (event.dns.request contains "_ldap." and (not ((src.process.image.path contains ":\\Program Files\\" or src.process.image.path contains ":\\Program Files (x86)\\" or src.process.image.path contains ":\\Windows\\") or (src.process.image.path contains ":\\ProgramData\\Microsoft\\Windows Defender\\Platform\\" and src.process.image.path contains "\\MsMpEng.exe") or src.process.image.path="<unknown process>" or not (src.process.image.path matches "\.*"))) and (not (src.process.image.path contains "C:\\WindowsAzure\\GuestAgent" or (src.process.image.path contains "\\chrome.exe" or src.process.image.path contains "\\firefox.exe" or src.process.image.path contains "\\opera.exe")))))
44
```
55
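Review bot: The clause `not (src.process.image.path matches "\.*")` at the end of the first exclusion group on line 3 needs a comment or a rewrite. As a regex, `\.*` is zero or more literal dots, which, unanchored, matches any string, so the clause can only be true when the field has no value; if that is the intent, an explicit empty-value test, or at least a comment, would say so. The single backslash also differs from the doubled `\\` escaping used in every other string literal on the line, so confirm the parser reads it as intended.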

S1PQ-rules-windows-dns_query/dns_query_win_domain_azurewebsites.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (event.dns.request contains "azurewebsites.net" and (not ((src.process.image.path in ("C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe")) or (src.process.image.path in ("C:\\Program Files\\Mozilla Firefox\\firefox.exe","C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe")) or (src.process.image.path in ("C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe","C:\\Program Files\\Internet Explorer\\iexplore.exe")) or (src.process.image.path contains "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\" or src.process.image.path contains "\\WindowsApps\\MicrosoftEdge.exe" or (src.process.image.path in ("C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe","C:\\Program Files\\Microsoft\\Edge\\Application\\msedge.exe"))) or ((src.process.image.path contains "C:\\Program Files (x86)\\Microsoft\\EdgeCore\\" or src.process.image.path contains "C:\\Program Files\\Microsoft\\EdgeCore\\") and (src.process.image.path contains "\\msedge.exe" or src.process.image.path contains "\\msedgewebview2.exe")) or src.process.image.path contains "\\safari.exe" or (src.process.image.path contains "\\MsMpEng.exe" or src.process.image.path contains "\\MsSense.exe") or (src.process.image.path contains "\\brave.exe" and src.process.image.path contains "C:\\Program Files\\BraveSoftware\\") or (src.process.image.path contains "\\AppData\\Local\\Maxthon\\" and src.process.image.path contains "\\maxthon.exe") or (src.process.image.path contains "\\AppData\\Local\\Programs\\Opera\\" and src.process.image.path contains "\\opera.exe") or ((src.process.image.path contains "C:\\Program Files\\SeaMonkey\\" or src.process.image.path contains "C:\\Program Files (x86)\\SeaMonkey\\") and src.process.image.path contains "\\seamonkey.exe") or (src.process.image.path contains "\\AppData\\Local\\Vivaldi\\" and src.process.image.path contains 
"\\vivaldi.exe") or ((src.process.image.path contains "C:\\Program Files\\Naver\\Naver Whale\\" or src.process.image.path contains "C:\\Program Files (x86)\\Naver\\Naver Whale\\") and src.process.image.path contains "\\whale.exe") or src.process.image.path contains "\\Tor Browser\\" or ((src.process.image.path contains "C:\\Program Files\\Waterfox\\" or src.process.image.path contains "C:\\Program Files (x86)\\Waterfox\\") and src.process.image.path contains "\\Waterfox.exe") or (src.process.image.path contains "\\AppData\\Local\\Programs\\midori-ng\\" and src.process.image.path contains "\\Midori Next Generation.exe") or ((src.process.image.path contains "C:\\Program Files\\SlimBrowser\\" or src.process.image.path contains "C:\\Program Files (x86)\\SlimBrowser\\") and src.process.image.path contains "\\slimbrowser.exe") or (src.process.image.path contains "\\AppData\\Local\\Flock\\" and src.process.image.path contains "\\Flock.exe") or (src.process.image.path contains "\\AppData\\Local\\Phoebe\\" and src.process.image.path contains "\\Phoebe.exe") or ((src.process.image.path contains "C:\\Program Files\\Falkon\\" or src.process.image.path contains "C:\\Program Files (x86)\\Falkon\\") and src.process.image.path contains "\\falkon.exe") or ((src.process.image.path contains "C:\\Program Files (x86)\\Avant Browser\\" or src.process.image.path contains "C:\\Program Files\\Avant Browser\\") and src.process.image.path contains "\\avant.exe")))))
44
```
55
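Review bot: Several exclusions on line 3 test only a file or folder name rather than a location: `contains "\\safari.exe"`, `contains "\\MsMpEng.exe"`, `contains "\\MsSense.exe"` and `contains "\\Tor Browser\\"` are satisfied by an image in any directory, while the Chrome, Firefox, Internet Explorer and Edge entries are pinned to full install paths with `in (...)`. Suggest pinning the name-only entries the same way so the exclusion covers only the expected install locations. The domain test `contains "azurewebsites.net"` is also unanchored and will match names that merely embed the string.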

S1PQ-rules-windows-dns_query/dns_query_win_finger.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and src.process.image.path contains "\\finger.exe")
44
```
55

S1PQ-rules-windows-dns_query/dns_query_win_hybridconnectionmgr_servicebus.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (event.dns.request contains "servicebus.windows.net" and src.process.image.path contains "HybridConnectionManager"))
44
```
55

S1PQ-rules-windows-dns_query/dns_query_win_kerberos_coercion_via_dns_object_spoofing.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
```sql
2-
// Translated content (automatically translated on 25-01-2026 02:31:51):
2+
// Translated content (automatically translated on 26-01-2026 02:30:45):
33
event.category="dns" and (endpoint.os="windows" and (event.dns.request contains "UWhRCA" and event.dns.request contains "BAAAA"))
44
```
55
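Review bot: The literals "UWhRCA" and "BAAAA" on line 3 are undocumented. The file's only comment is the translation timestamp, so a reader cannot tell what the two fragments represent or why both are required. Suggest a one-line comment naming what they encode and pointing to the source rule. Both literals are mixed-case while DNS names are case-insensitive, so also confirm that `contains` ignores case or that the telemetry preserves the case of the queried name.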
