Technical Information
- [<HKLM>\Software\Classes\gnosp\shell\open\command] '' = '"%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe" -URL="%L"'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'UserClient' = '%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe -autorun'
- [<HKLM>\System\CurrentControlSet\Services\OSP Service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\OSP Service] 'ImagePath' = '"%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe" -service'
- %TEMP%\nsa2.tmp
- %ProgramFiles%\gnway osp\userclient\emotion\def_82.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_83.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_84.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_85.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_86.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_87.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_88.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_89.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_69.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_9.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_91.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_92.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_93.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_94.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_95.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_96.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_97.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_98.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_80.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_81.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_8.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_79.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_78.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_60.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_61.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_62.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_63.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_64.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_65.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_66.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_67.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_99.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_90.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_68.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_70.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_71.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_72.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_73.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_74.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_75.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_76.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_77.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_6.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_7.gif
- %ProgramFiles%\gnway osp\userclient\icon\logo_link2.ico
- %ProgramFiles%\gnway osp\userclient\statereport.log
- %ProgramFiles%\gnway osp\userclient\icon\error.bmp
- %ProgramFiles%\gnway osp\userclient\skin\close.png
- %ProgramFiles%\gnway osp\userclient\skin\delfile.png
- %ProgramFiles%\gnway osp\userclient\skin\logo.ico
- %ProgramFiles%\gnway osp\userclient\skin\logo.png
- %ProgramFiles%\gnway osp\userclient\skin\main_bk.png
- %ProgramFiles%\gnway osp\userclient\skin\minimize.png
- %ProgramFiles%\gnway osp\userclient\skin\okbutton.png
- %ProgramFiles%\gnway osp\userclient\skin\screenshot.png
- %ProgramFiles%\gnway osp\userclient\icon\default_file.ico
- %ProgramFiles%\gnway osp\userclient\skin\skin.zip
- %TEMP%\nsk5.tmp\getversion.dll
- %ALLUSERSPROFILE%\desktop\¡°°ïîò°é¡±¿Г»§¶ë.lnk
- %ALLUSERSPROFILE%\start menu\programs\¡°°ïîò°é¡±ô¶³ì¿ГВ·ГѕГЇВµГВі-ВїГ»§¶ë\¡°°ïîò°é¡±ô¶³ì¿ГВ·ГѕГЇВµГВі-ВїГ»§¶ë.lnk
- %ALLUSERSPROFILE%\start menu\programs\¡°°ïîò°é¡±ô¶³ì¿ГВ·ГѕГЇВµГВі-ВїГ»§¶ë\ð¶ôø¿Г»§¶ë.lnk
- %ProgramFiles%\gnway osp\userclient\ospbase.log
- %ProgramFiles%\gnway osp\userclient\uninst.exe
- %ProgramFiles%\gnway osp\userclient\userdata\chat_3.1.db-journal
- %ProgramFiles%\gnway osp\userclient\userdata\chat_3.1.db
- %ProgramFiles%\gnway osp\userclient\skin\au_msgbox.png
- %ProgramFiles%\gnway osp\userclient\skin\button.png
- %ProgramFiles%\gnway osp\userclient\skin\au_mainicon.png
- %ProgramFiles%\gnway osp\userclient\skin\au_loginbutton.png
- %ProgramFiles%\gnway osp\userclient\skin\au_icon.png
- %ProgramFiles%\gnway osp\userclient\icon\image.bmp
- %ProgramFiles%\gnway osp\userclient\icon\image.png
- %ProgramFiles%\gnway osp\userclient\icon\image_error.bmp
- %ProgramFiles%\gnway osp\userclient\icon\image_error.png
- %ProgramFiles%\gnway osp\userclient\icon\info.bmp
- %ProgramFiles%\gnway osp\userclient\icon\info.png
- %ProgramFiles%\gnway osp\userclient\icon\logo.ico
- %ProgramFiles%\gnway osp\userclient\icon\logo_init.ico
- %ProgramFiles%\gnway osp\userclient\icon\default_folder.ico
- %ProgramFiles%\gnway osp\userclient\emotion\def_59.gif
- %ProgramFiles%\gnway osp\userclient\icon\logo_link1.ico
- %ProgramFiles%\gnway osp\userclient\icon\logo_link4.ico
- %ProgramFiles%\gnway osp\userclient\icon\logo_link5.ico
- %ProgramFiles%\gnway osp\userclient\icon\ok.bmp
- %ProgramFiles%\gnway osp\userclient\icon\ok.png
- %ProgramFiles%\gnway osp\userclient\language\l_simplified.ini
- %ProgramFiles%\gnway osp\userclient\language\l_traditional.ini
- %ProgramFiles%\gnway osp\userclient\skin\addfile.png
- %ProgramFiles%\gnway osp\userclient\skin\au_bg.png
- %ProgramFiles%\gnway osp\userclient\icon\error.png
- %ProgramFiles%\gnway osp\userclient\icon\logo_link3.ico
- %ProgramFiles%\gnway osp\userclient\config.ini
- %ProgramFiles%\gnway osp\userclient\emotion\def_58.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_48.gif
- %ProgramFiles%\gnway osp\userclient\language.ini
- %ProgramFiles%\gnway osp\userclient\emotion\def_0.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_1.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_10.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_100.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_101.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_102.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_103.gif
- %ProgramFiles%\gnway osp\userclient\dll_stun.dll
- %ProgramFiles%\gnway osp\userclient\emotion\def_104.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_106.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_107.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_108.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_109.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_11.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_110.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_111.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_12.gif
- %ProgramFiles%\gnway osp\userclient\userclient.exe
- %ProgramFiles%\gnway osp\userclient\screenhooks32.dll
- %ProgramFiles%\gnway osp\userclient\startclient.ocx
- %ProgramFiles%\gnway osp\userclient\terminateprocess.exe
- %ProgramFiles%\gnway osp\userclient\sendlogfile.exe
- %TEMP%\_osp_install_temp_\config.ini
- %TEMP%\nsa4.tmp
- %TEMP%\nsk5.tmp\system.dll
- %ProgramFiles%\gnway osp\userclient\setupskin.dll
- %ProgramFiles%\gnway osp\userclient\skin\setup_skn_animation.gif
- %TEMP%\nsk5.tmp\imagedisplayskin.dll
- %ProgramFiles%\gnway osp\userclient\install.log
- %ProgramFiles%\gnway osp\userclient\autoupdate.dll
- %ProgramFiles%\gnway osp\userclient\emotion\def_13.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_105.gif
- %ProgramFiles%\gnway osp\userclient\crashreport.dll
- %ProgramFiles%\gnway osp\userclient\gnauphelper.dll
- %ProgramFiles%\gnway osp\userclient\gnaupdaemon.exe
- %ProgramFiles%\gnway osp\userclient\gnfeedbackdll.dll
- %ProgramFiles%\gnway osp\userclient\ospbase.dll
- %ProgramFiles%\gnway osp\userclient\ospstatusviewer.exe
- %ProgramFiles%\gnway osp\userclient\persist_tds.dll
- %ProgramFiles%\gnway osp\userclient\stunping.exe
- %ProgramFiles%\gnway osp\userclient\screencapture.exe
- %TEMP%\_osp_install_temp_\userclient.exe
- %ProgramFiles%\gnway osp\userclient\duilib_u.dll
- %ProgramFiles%\gnway osp\userclient\emotion\def_26.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_56.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_16.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_4.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_40.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_41.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_42.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_43.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_44.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_45.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_46.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_14.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_47.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_49.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_5.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_50.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_51.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_52.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_53.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_54.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_55.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_38.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_39.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_37.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_36.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_35.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_18.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_19.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_2.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_20.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_21.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_22.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_23.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_24.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_15.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_57.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_25.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_28.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_29.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_3.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_30.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_31.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_32.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_33.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_34.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_17.gif
- %ProgramFiles%\gnway osp\userclient\emotion\def_27.gif
- %ProgramFiles%\gnway osp\userclient\crashdump_000000000_statrpt_webaccessfailed_20190731_233812.zip
- %TEMP%\nsk5.tmp\getversion.dll
- %TEMP%\nsk5.tmp\imagedisplayskin.dll
- %TEMP%\nsk5.tmp\system.dll
- %TEMP%\_osp_install_temp_\config.ini
- %TEMP%\_osp_install_temp_\userclient.exe
- %ProgramFiles%\gnway osp\userclient\userdata\chat_3.1.db-journal
- %ProgramFiles%\gnway osp\userclient\statereport.log
- %ProgramFiles%\gnway osp\userclient\crashdump_000000000_statrpt_webaccessfailed_20190731_233812.zip
- 'localhost':38227
- DNS ASK up####.gnway.com
- DNS ASK ap#.#angwo8.net
- DNS ASK up###e.gnway.cn
- DNS ASK fe####ck.gnvip.net
- '%TEMP%\_osp_install_temp_\userclient.exe'
- '%ProgramFiles%\gnway osp\userclient\userclient.exe' -AddTrustURL
- '%ProgramFiles%\gnway osp\userclient\userclient.exe' -install
- '%ProgramFiles%\gnway osp\userclient\gnaupdaemon.exe' -2147483646 Software\gnway\osp\UserClient
- '%ProgramFiles%\gnway osp\userclient\gnaupdaemon.exe' CallApplet
- '%ProgramFiles%\gnway osp\userclient\userclient.exe' -VendorID=2213
- '%ProgramFiles%\gnway osp\userclient\userclient.exe' -start
- '%ProgramFiles%\gnway osp\userclient\userclient.exe' -service
- '%ProgramFiles%\gnway osp\userclient\userclient.exe' -CrashReport 000000000_StatRpt_WebAccessFailed StateReport.log
- '<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\GNWay OSP\UserClient\StartClient.ocx"