http://136.144.41.229/public/sqlite3.dll
https://bbuseruploads.s3.amazonaws.com/7cb2b9a6-8bc3-49fe-a2b6-8e9aea534518/downloads/650c9764-176a-49cd-aad7-61d972772227/File.png?Signature=r3Je48wVNO1bvdlgEcYkhQoEbrA%3D&Expires=1635501151&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=HkGYJi0mLzSso6bzzsGO9Vs_9MOZYip6&response-content-disposition=attachment%3B%20filename%3D%22File.png%22
https://bitbucket.org/terrywells9609/rz/downloads/File.png

bbuseruploads.s3.amazonaws.com(52.216.152.68) - malware
bitbucket.org(104.192.141.1) - malware
52.217.200.129
136.144.41.229 - mailcious
104.192.141.1 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

http://apps.identrust.com/roots/dstrootcax3.p7c

apps.identrust.com(119.207.65.74)
store2.gofile.io(31.14.69.10) - mailcious
31.14.69.10 - mailcious
121.254.136.57

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://apps.identrust.com/roots/dstrootcax3.p7c

apps.identrust.com(119.207.65.137)
store2.gofile.io(31.14.69.10) - mailcious
61.111.58.34 - malware
31.14.69.10 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://cdn.discordapp.com/attachments/888490061170110496/890313896316006410/Ryoajkwqxfhnekc.dll

cdn.discordapp.com(162.159.135.233) - malware
162.159.135.233 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)