http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll
http://193.176.190.41/ - rule_id: 42195
http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll
http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll
http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll
http://193.176.190.41/2fa883eebd632382.php - rule_id: 42194
http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll
http://x1.i.lencr.org/
http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll
http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll

aldiablo.cl(186.64.114.115) - malware
x1.i.lencr.org(23.52.33.11)
193.176.190.41 - mailcious
186.64.114.115 - malware
23.35.220.247

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET MALWARE Win32/Stealc Submitting System Information to C2
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
ET MALWARE Win32/Stealc Submitting Screenshot to C2

http://193.176.190.41/
http://193.176.190.41/2fa883eebd632382.php