Windows 10 20H1.19577 开始 System 进程内 Ntdll 的一点变化
Show in Graph
Image Description
Common Information
Type Value
UUID bfedff78-bbbf-4ec1-98b4-fa189f31ad73
Fingerprint 85f1c63d5fc893e4fa0c8bf47e06a6c3aa9182831e986f94761c6bfb283f635c
Analysis status DONE
Considered CTI value 0
Text language
Published June 9, 2020, 9:34 p.m.
Added to db March 9, 2024, 11:41 p.m.
Last updated Aug. 30, 2024, 10:24 p.m.
Headline Windows 10 20H1.19577 开始 System 进程内 Ntdll 的一点变化
Title Windows 10 20H1.19577 开始 System 进程内 Ntdll 的一点变化
Detected Hints/Tags/Attributes 6/0/8
Source URLs
Redirection Url
Details Source http://pub1-bjyt.s3.360.cn/bcms/Windows1020H1.19577%E5%BC%80%E5%A7%8BSystem%E8%BF%9B%E7%A8%8B%E5%86%85Ntdll%E7%9A%84%E4%B8%80%E7%82%B9%E5%8F%98%E5%8C%96.pdf
URL Provider
Details Provider Source level domain
Details 360.cn pub1-bjyt.s3.360.cn
Attributes
Details Type #Events CTI Value
Details Domain 1 
vadflags.protection
Details File 533 
ntdll.dll
Details File 1 
映射的ntdll.dll
Details File 119 
smss.exe
Details File 1 
ntoskrnel.exe
Details File 1 
就是加载ntdll.dll
Details File 1 
加载ntdll.dll
Details File 1 
这是ntdll.dll