Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KiwiGuard' = '<Full path to file>'
Sets the following service settings
- [<HKLM>\System\CurrentControlSet\Services\PolicyAgent] 'Start' = '00000002'
Miscellaneous
Executes the following
- '%WINDIR%\syswow64\netsh.exe' ipsec static show policy name="KiwiGuard Policy"
- '%WINDIR%\syswow64\netsh.exe' ipsec static delete all
- '%WINDIR%\syswow64\netsh.exe' ipsec static add policy name="KiwiGuard Policy" description="KiwiGuard policy blocks or permit all traffic to hosts/nets associated with it." assign=yes
- '%WINDIR%\syswow64\netsh.exe' ipsec static add filterlist name="KiwiGuard Block Filter List" description="KiwiGuard block filter list contains hosts and networks known to host malware, criminal activity, etc."
- '%WINDIR%\syswow64\netsh.exe' ipsec static add filter filterlist="KiwiGuard Block Filter List" srcaddr=1.1.1.1 dstaddr=me protocol=any
- '%WINDIR%\syswow64\netsh.exe' ipsec static add filterlist name="KiwiGuard Permit Filter List" description="KiwiGuard permit filter list contains hosts and networks can have permission access to system."
- '%WINDIR%\syswow64\netsh.exe' ipsec static add filter filterlist="KiwiGuard Permit Filter List" srcaddr=1.1.1.1 dstaddr=me protocol=any
- '%WINDIR%\syswow64\netsh.exe' ipsec static add filteraction name="Block" description="KiwiGuard Block Filter Action" action=block
- '%WINDIR%\syswow64\netsh.exe' ipsec static add filteraction name="Permit" description="KiwiGuard Permit Filter Action" action=permit
- '%WINDIR%\syswow64\netsh.exe' ipsec static add rule name="KiwiGuard Block Rule" policy="KiwiGuard Policy" filterlist="KiwiGuard Block Filter List" filteraction="Block" activate=yes
- '%WINDIR%\syswow64\netsh.exe' ipsec static add rule name="KiwiGuard Permit Rule" policy="KiwiGuard Policy" filterlist="KiwiGuard Permit Filter List" filteraction="Permit" activate=no
- '%WINDIR%\syswow64\netsh.exe' ipsec static delete filter filterlist="KiwiGuard Block Filter List" srcaddr=1.1.1.1 dstaddr=me protocol=any
- '%WINDIR%\syswow64\netsh.exe' ipsec static delete filter filterlist="KiwiGuard Permit Filter List" srcaddr=1.1.1.1 dstaddr=me protocol=any