mysql 透明加密绿色版_分享一款自己在用的不错的透明加密软件

77 阅读 0 评论 51 点赞

我是靠谱客的博主精明人生，最近开发中收集的这篇文章主要介绍mysql 透明加密绿色版_分享一款自己在用的不错的透明加密软件，觉得挺不错的，现在分享给大家，希望可以做个参考。

概述

行为描述：探测 Virtual PC是否存在

详情信息：N/A

行为描述：跨进程写入数据

详情信息：TargetProcess = C:UsersADMINI~1AppDataLocalTempRarSFX1install.exe, WriteAddress = 0x00150000, Size = 0x000005dc TargetPID = 0x00000c14 TargetProcess = C:UsersADMINI~1AppDataLocalTempRarSFX1install.exe, WriteAddress = 0x7ffd41e8, Size = 0x00000004 TargetPID = 0x00000c14 TargetProcess = C:UsersADMINI~1AppDataLocalTempRarSFX1install.exe, WriteAddress = 0x00160000, Size = 0x00000020 TargetPID = 0x00000c14 TargetProcess = C:UsersADMINI~1AppDataLocalTempRarSFX1install.exe, WriteAddress = 0x00160020, Size = 0x00000034 TargetPID = 0x00000c14 TargetProcess = C:UsersADMINI~1AppDataLocalTempRarSFX1install.exe, WriteAddress = 0x7ffd4238, Size = 0x00000004 TargetPID = 0x00000c14 TargetProcess = C:Program FilesRedLineSecurityRL1.1.1.23RedLine32.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000d9c TargetProcess = C:Program FilesRedLineSecurityRL1.1.1.23RedLine32.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000d9c TargetProcess = C:Program FilesRedLineSecurityRL1.1.1.23RedLine32.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000d9c TargetProcess = C:Program FilesRedLineSecurityRL1.1.1.23RedLine32.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000e94 TargetProcess = C:Program FilesRedLineSecurityRL1.1.1.23RedLine32.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000e94 TargetProcess = C:Program FilesRedLineSecurityRL1.1.1.23RedLine32.exe, WriteAddress = 0x7ffda238, Size = 0x00000004 TargetPID = 0x00000e94

行为描述：查询注册表_检测虚拟机相关

详情信息：REGISTRYMACHINESYSTEMControlSet001ControlClass{4D36E968-E325-11CE-BFC1-08002BE10318}000DriverDesc REGISTRYMACHINEHARDWAREDESCRIPTIONSystemSystemBiosVersion REGISTRYMACHINEHARDWAREDESCRIPTIONSystemVideoBiosVersion

行为描述：尝试打开调试器或监控软件的驱动设备对象

详情信息：??SICE ??SIWVID ??NTICE

行为描述：获取TickCount值

详情信息：TickCount = 76204, SleepMilliseconds = 2001. TickCount = 76329, SleepMilliseconds = 2001. TickCount = 76360, SleepMilliseconds = 2001. TickCount = 76516, SleepMilliseconds = 2001. TickCount = 76547, SleepMilliseconds = 2001. TickCount = 76563, SleepMilliseconds = 2001. TickCount = 76797, SleepMilliseconds = 2001. TickCount = 77751, SleepMilliseconds = 2001. TickCount = 77766, SleepMilliseconds = 2001. TickCount = 77876, SleepMilliseconds = 2001. TickCount = 77938, SleepMilliseconds = 2001. TickCount = 77954, SleepMilliseconds = 2001. TickCount = 78001, SleepMilliseconds = 2001. TickCount = 78032, SleepMilliseconds = 2001. TickCount = 78047, SleepMilliseconds = 2001.

行为描述：在桌面创建文件

详情信息：C:UsersAdministratorDesktop红线隐私保护系统使用说明.pdf C:UsersAdministratorDesktop红线隐私保护系统.lnk

行为描述：设置特殊文件夹属性

详情信息：C:UsersAdministratorAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5 C:UsersAdministratorAppDataRoamingMicrosoftWindowsCookies C:UsersAdministratorAppDataLocalMicrosoftWindowsHistoryHistory.IE5

行为描述：直接获取CPU时钟

详情信息：EAX = 0x06010b44, EDX = 0x0000003a EAX = 0x0b3bd9fd, EDX = 0x0000003a EAX = 0x0deed979, EDX = 0x0000003a EAX = 0x5d0db1f4, EDX = 0x0000003a EAX = 0x624880ad, EDX = 0x0000003a EAX = 0x624880f9, EDX = 0x0000003a EAX = 0x62488145, EDX = 0x0000003a EAX = 0x62488191, EDX = 0x0000003a EAX = 0x624881dd, EDX = 0x0000003a EAX = 0x62488229, EDX = 0x0000003a EAX = 0x2aba157e, EDX = 0x0000003d EAX = 0x2aba15ca, EDX = 0x0000003d EAX = 0x2aba1616, EDX = 0x0000003d EAX = 0x2aba1662, EDX = 0x0000003d EAX = 0x2aba16ae, EDX = 0x0000003d

行为描述：查找指定内核模块

详情信息：

lstrcmpiA: ntice.sys ntkrnlpa.exe Des: SoftICE驱动

lstrcmpiA: ntice.sys halmacpi.dll Des: SoftICE驱动

lstrcmpiA: ntice.sys kdcom.dll Des: SoftICE驱动

lstrcmpiA: ntice.sys mcupdate_GenuineIntel.dll Des: SoftICE驱动

lstrcmpiA: ntice.sys PSHED.dll Des: SoftICE驱动

lstrcmpiA: ntice.sys BOOTVID.dll Des: SoftICE驱动

lstrcmpiA: ntice.sys CLFS.SYS Des: SoftICE驱动

lstrcmpiA: ntice.sys CI.dll Des: SoftICE驱动

lstrcmpiA: ntice.sys Wdf01000.sys Des: SoftICE驱动

lstrcmpiA: ntice.sys WDFLDR.SYS Des: SoftICE驱动