Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ukey' = '%LOCALAPPDATA%\sphol.exe'
- %LOCALAPPDATA%\sphol.exe
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file>