ValleyRAT download URL contacted by the malicious DLL via wininet APIs; URL is Base64-encoded in the DLL and payload is RC4-encrypted with key 'zenzensu'