We discussed a backdoor being installed filelessly onto a target system using JS_POWMET.DE, a script that abused legitimate functions.We recently learned the exact arrival method of this backdoor. As it turned out, it arrived via USB flash disks.