Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %TEMP%\WinRing0x64.sys
- %TEMP%\mumu3-pin-tool.exe
- %TEMP%\com_zlongame_tdj_aligames_logo.png
- %TEMP%\com_zlongame_tdj_aligames.png
- %TEMP%\com_zlongame_tdj_aligames_background.png
- %WINDIR%\temp\udd5adf.tmp
- %WINDIR%\temp\udd5301.tmp
- %WINDIR%\temp\udd4b24.tmp
- %WINDIR%\temp\udd4346.tmp
- %TEMP%\nemu-downloader.log
- %TEMP%\aria2c.exe
- %TEMP%\skin.zip
- %WINDIR%\temp\udd6cf9.tmp
- %TEMP%\winring0.cat
- %TEMP%\winring0.inf
- %TEMP%\winring0x64.inf
- %TEMP%\winring0.sys
- %TEMP%\winring0x64.sys
- %TEMP%\config.ini
- %TEMP%\crashrpt_lang.ini
- %TEMP%\crashrpt1403.dll
- %TEMP%\crashrptprobe1403.dll
- %TEMP%\crashsender1403.exe
- %TEMP%\msvcp140.dll
- %TEMP%\winring0x64.cat
- %WINDIR%\temp\udd7534.tmp
- %WINDIR%\temp\udd4346.tmp
- %WINDIR%\temp\udd4b24.tmp
- %WINDIR%\temp\udd5301.tmp
- %WINDIR%\temp\udd5adf.tmp
- %WINDIR%\temp\udd6cf9.tmp
- %WINDIR%\temp\udd7534.tmp
- 'mu##.##e.netease.com':443
- 'ap#.####3.nie.netease.com':443
- 'g.##.#s.netease.com':80
- http://g.##.#s.netease.com/nemu/file/6047363a5e60279a646d1010uF72y8I503
- DNS ASK mu##.##e.netease.com
- DNS ASK ap#.####3.nie.netease.com
- DNS ASK g.##.#s.netease.com