Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserClient' = '"%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe" -autorun'
- [<HKLM>\SOFTWARE\Classes\gnosp\shell\open\command] '' = '"%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe" -URL="%L"'
- [<HKLM>\SYSTEM\ControlSet001\Services\OSP Service] 'ImagePath' = '"%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe" -service'
- [<HKLM>\SYSTEM\ControlSet001\Services\OSP Service] 'Start' = '00000002'
- '%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe' -VendorID=2079
- '%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe' -start
- '%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe' -service
- '%ProgramFiles%\GNWay OSP\UserClient\GNAupdaemon.exe' CallApplet
- '%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe' -AddTrustURL
- '%ProgramFiles%\GNWay OSP\UserClient\UserClient.exe' -install
- '%ProgramFiles%\GNWay OSP\UserClient\GNAupdaemon.exe' -2147483646 Software\gnway\osp\UserClient
- '<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\GNWay OSP\UserClient\StartClient.ocx"
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_85.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_84.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_86.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_88.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_87.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_83.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_8.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_79.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_80.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_82.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_81.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_95.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_94.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_96.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_98.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_97.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_93.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_9.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_89.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_90.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_92.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_91.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_78.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_64.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_63.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_65.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_67.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_66.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_62.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_59.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_58.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_6.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_61.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_60.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_74.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_73.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_75.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_77.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_76.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_72.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_69.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_68.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_7.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_71.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_70.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_99.gif
- %ProgramFiles%\GNWay OSP\UserClient\skin\logo.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\logo.ico
- %ProgramFiles%\GNWay OSP\UserClient\skin\main_bk.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\okbutton.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\minimize.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\delfile.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\au_loginbutton.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\au_icon.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\au_msgbox.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\close.png
- %ProgramFiles%\GNWay OSP\UserClient\skin\button.png
- %ProgramFiles%\GNWay OSP\UserClient\host.ini
- %ProgramFiles%\GNWay OSP\UserClient\OSPBase.log
- %ProgramFiles%\GNWay OSP\UserClient\uninst.exe
- %ProgramFiles%\GNWay OSP\UserClient\UserData\chat_3.1.db
- %ProgramFiles%\GNWay OSP\UserClient\UserData\chat_3.1.db-journal
- %ALLUSERSPROFILE%\Start Menu\Programs\№ЬјТЖЕИнјюФ¶іМ·юОс·юОс№ЬАнЖЅМЁ-їН»§¶Л\Р¶ФШїН»§¶Л.lnk
- %ProgramFiles%\GNWay OSP\UserClient\skin\skin.zip
- %ProgramFiles%\GNWay OSP\UserClient\skin\screenshot.png
- %ProgramFiles%\GNWay OSP\UserClient\config.ini
- %ALLUSERSPROFILE%\Start Menu\Programs\№ЬјТЖЕИнјюФ¶іМ·юОс·юОс№ЬАнЖЅМЁ-їН»§¶Л\№ЬјТЖЕИнјюФ¶іМ·юОс·юОс№ЬАнЖЅМЁ-їН»§¶Л.lnk
- %ALLUSERSPROFILE%\Desktop\Ў°№ЬјТЖЕИнјюФ¶іМ·юОсЎ±їН»§¶Л.lnk
- %ProgramFiles%\GNWay OSP\UserClient\skin\au_bg.png
- %ProgramFiles%\GNWay OSP\UserClient\icon\image_error.png
- %ProgramFiles%\GNWay OSP\UserClient\icon\image_error.bmp
- %ProgramFiles%\GNWay OSP\UserClient\icon\info.bmp
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\info.png
- %ProgramFiles%\GNWay OSP\UserClient\icon\image.png
- %ProgramFiles%\GNWay OSP\UserClient\icon\default_folder.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\default_file.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\error.bmp
- %ProgramFiles%\GNWay OSP\UserClient\icon\image.bmp
- %ProgramFiles%\GNWay OSP\UserClient\icon\error.png
- %ProgramFiles%\GNWay OSP\UserClient\icon\ok.png
- %ProgramFiles%\GNWay OSP\UserClient\icon\ok.bmp
- %ProgramFiles%\GNWay OSP\UserClient\language\L_Simplified.ini
- %ProgramFiles%\GNWay OSP\UserClient\skin\addfile.png
- %ProgramFiles%\GNWay OSP\UserClient\language\L_Traditional.ini
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo_link5.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo_link1.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo_init.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo_link2.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo_link4.ico
- %ProgramFiles%\GNWay OSP\UserClient\icon\logo_link3.ico
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_102.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_101.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_103.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_105.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_104.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_100.gif
- %ProgramFiles%\GNWay OSP\UserClient\message.wav
- %ProgramFiles%\GNWay OSP\UserClient\Language.ini
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_0.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_10.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_1.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_12.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_111.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_13.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_15.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_14.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_110.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_107.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_106.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_108.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_11.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_109.gif
- %ProgramFiles%\GNWay OSP\UserClient\ESL_config.ini
- %ProgramFiles%\GNWay OSP\UserClient\DLL_STUN.dll
- %TEMP%\~DF81AF.tmp
- %ProgramFiles%\GNWay OSP\UserClient\DuiLib_u.dll
- %ProgramFiles%\GNWay OSP\UserClient\GNAupdaemon.exe
- %ProgramFiles%\GNWay OSP\UserClient\GNAupHelper.dll
- %ProgramFiles%\GNWay OSP\UserClient\CrashReport.dll
- %ProgramFiles%\GNWay OSP\UserClient\SetupSkin.dll
- %TEMP%\nsr2.tmp
- %ProgramFiles%\GNWay OSP\UserClient\skin\setup_skn_animation.gif
- %ProgramFiles%\GNWay OSP\UserClient\AutoUpdate.dll
- %ProgramFiles%\GNWay OSP\UserClient\install.log
- %ProgramFiles%\GNWay OSP\UserClient\TerminateProcess.exe
- %ProgramFiles%\GNWay OSP\UserClient\SendLogFile.exe
- %ProgramFiles%\GNWay OSP\UserClient\StartClient.ocx
- %ProgramFiles%\GNWay OSP\UserClient\screenhooks32.dll
- %ProgramFiles%\GNWay OSP\UserClient\UserClient.exe
- %ProgramFiles%\GNWay OSP\UserClient\ScreenCapture.exe
- %ProgramFiles%\GNWay OSP\UserClient\OSPBase.dll
- %ProgramFiles%\GNWay OSP\UserClient\GNFeedbackDll.dll
- %ProgramFiles%\GNWay OSP\UserClient\OSPStatusViewer.exe
- %ProgramFiles%\GNWay OSP\UserClient\STUNPing.exe
- %ProgramFiles%\GNWay OSP\UserClient\Persist_TDS.dll
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_16.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_44.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_43.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_45.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_47.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_46.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_42.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_39.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_38.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_4.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_41.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_40.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_54.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_53.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_55.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_57.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_56.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_52.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_49.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_48.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_5.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_51.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_50.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_37.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_23.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_22.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_24.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_26.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_25.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_21.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_18.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_17.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_19.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_20.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_2.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_33.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_32.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_34.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_36.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_35.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_31.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_28.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_27.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_29.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_30.gif
- %ProgramFiles%\GNWay OSP\UserClient\emotion\def_3.gif
- %TEMP%\~DF81AF.tmp
- %ProgramFiles%\GNWay OSP\UserClient\UserData\chat_3.1.db-journal
- %TEMP%\nsw3.tmp\System.dll
- %TEMP%\nsw3.tmp\GetVersion.dll
- %TEMP%\nsw3.tmp\ImageDisplaySkin.dll
- 'ap#.#angwo8.net':858
- 'ap#.#angwo8.net':38226
- 'up####.gnway.com':80
- http://up####.gnway.com/GetNewVersion.php?Pr#####################################################################################################################################################...
- DNS ASK ap#.#angwo8.net
- DNS ASK up###e.gnway.cn
- DNS ASK up####.gnway.com