Technical Information
- [HKLM\SYSTEM\CurrentControlSet\Control\Lsa] 'Security Packages' = 'kerberos\nmsv1_0\nschannel\nwdigest\ntspkg\npku2u\nradiusw'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\radiusw.dll
- <SYSTEM32>\bogard.exe
- <SYSTEM32>\msdump32.dll
- <SYSTEM32>\marble32.tlb
- 'ma####.hancom.com':80
- 'ma####.hancom.com':443
- http://www.ha##om.com/board/hmnoticeList.do?ut########################################################################
- http://ma####.hancom.com/modules/session/session.module.php
- 'ma####.hancom.com':443
- '34.##9.100.209':443
- DNS ASK ma####.hancom.com
- DNS ASK ha##om.com
- '<SYSTEM32>\bogard.exe'
- '<SYSTEM32>\bogard.exe' ' (with hidden window)