Technical Information
- Windows Task Manager (Taskmgr)
- '%WINDIR%\bluesoft_gho_bsgwmn_all.exe'
- '%WINDIR%\bluesoft_gho_bsgwmn_all.exe' (downloaded from the Internet)
- %WINDIR%\bluesoft_gho_bsgwmn_all.exe.tmp
- from %WINDIR%\bluesoft_gho_bsgwmn_all.exe.tmp to %WINDIR%\bluesoft_gho_bsgwmn_all.exe
- 'do##.u.gsie.cn':80
- do##.u.gsie.cn/corp/download/bluesoft_gho_bsgwmn_all.exe
- DNS ASK do##.u.gsie.cn