Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cksstl.exe' = 'C:\\cksstl.exe'
- C:\cksstl.exe
- %TEMP%\dw.log
- %TEMP%\1FC5C.dmp
- <Full path to file>
- 'C:\cksstl.exe'
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 1 & del "<Full path to file>"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 460