Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ball' = '%WINDIR%\Ball.exe'
- %ALLUSERSPROFILE%\start menu\programs\startup\ball.exe
- %WINDIR%\ball.exe
- %WINDIR%\temp\zk.exe
- '27#####118.f3322.net':1992
- DNS ASK 27#####118.f3322.net