http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll
http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll
http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll
http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll
http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll
http://193.176.190.41/
http://193.176.190.41/2fa883eebd632382.php
http://x1.i.lencr.org/
http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll
http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll

aldiablo.cl(186.64.114.115) - malware
x1.i.lencr.org(23.207.177.83)
193.176.190.41
23.41.113.9
186.64.114.115 - malware

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET MALWARE Win32/Stealc Submitting System Information to C2
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity