Technical Information
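- Persistence: an autorun value is added to the current user's Run key, so the file is started at each logon of that user (the value name 'svchos' resembles the legitimate svchost.exe): [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchos' = '<Full path to file>'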
- <SYSTEM32>\taskhost.exe
- <SYSTEM32>\taskhost.exe
- <SYSTEM32>\rundll32.exe
- <SYSTEM32>\dwm.exe
- firefox.exe
- firefox.exe
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_d99ef00b-ccd3-4f1d-9980-90ac453b0b47
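Files named ryukreadme.txt (by its name, the Ryuk ransom note) appear in each of the following directories:
- %CommonProgramFiles%\microsoft shared\themes14\studio\ryukreadme.txt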
- %CommonProgramFiles%\microsoft shared\themes14\sumipntg\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\water\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\watermar\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\arfr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\enes\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\enfr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\esen\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\frar\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\translat\fren\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\triedit\ryukreadme.txt
- %CommonProgramFiles%\services\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\strtedge\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\spring\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vc\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vgx\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vsto\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vsto\10.0\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vsto\10.0\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\web folders\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\web folders\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\14\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\14\bin\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\14\bin\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\triedit\en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vba\vba7\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\breeze\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\vba\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\journal\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\capsules\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\cascade\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\compass\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\concrete\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\deepblue\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\echo\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\eclipse\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\edge\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\evrgreen\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\expeditn\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\ice\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\indust\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\sky\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\sonora\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\slate\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\level\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\network\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\papyrus\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\pixel\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\profile\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\quad\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\radial\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\refined\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\ricepapr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\ripple\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\rmnsque\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\satin\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\iris\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\layers\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\canyon\ryukreadme.txt
- %CommonProgramFiles%\speechengines\ryukreadme.txt
- %CommonProgramFiles%\system\ado\en-us\ryukreadme.txt
- %ProgramFiles%\internet explorer\ryukreadme.txt
- %ProgramFiles%\internet explorer\en-us\ryukreadme.txt
- %ProgramFiles%\internet explorer\signup\ryukreadme.txt
- %ProgramFiles%\java\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\bin\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\bin\plugin2\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\bin\server\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\amd64\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\applet\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\videowall\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\vignette\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\cmm\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\fonts\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\images\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\images\cursors\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\jfr\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\management\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\security\ryukreadme.txt
- %ProgramFiles%\microsoft analysis services\ryukreadme.txt
- %ProgramFiles%\microsoft analysis services\as oledb\ryukreadme.txt
- %ProgramFiles%\microsoft analysis services\as oledb\10\ryukreadme.txt
- %ProgramFiles%\microsoft analysis services\as oledb\10\cartridges\ryukreadme.txt
- %ProgramFiles%\microsoft analysis services\as oledb\10\resources\ryukreadme.txt
- %ProgramFiles%\microsoft analysis services\as oledb\10\resources\1033\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\deploy\ryukreadme.txt
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\ryukreadme.txt
- %CommonProgramFiles%\system\ryukreadme.txt
- %CommonProgramFiles%\speechengines\microsoft\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\sports\ryukreadme.txt
- %CommonProgramFiles%\system\en-us\ryukreadme.txt
- %CommonProgramFiles%\system\msadc\ryukreadme.txt
- %CommonProgramFiles%\system\msadc\en-us\ryukreadme.txt
- %CommonProgramFiles%\system\msmapi\ryukreadme.txt
- %CommonProgramFiles%\system\msmapi\1033\ryukreadme.txt
- %CommonProgramFiles%\system\ole db\ryukreadme.txt
- %CommonProgramFiles%\system\ole db\en-us\ryukreadme.txt
- %ProgramFiles%\dvd maker\ryukreadme.txt
- %ProgramFiles%\dvd maker\en-us\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\stacking\ryukreadme.txt
- %CommonProgramFiles%\system\ado\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\travel\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\babyboy\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\huecycle\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\layeredtitles\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\memories\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\oldage\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\performance\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\pets\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\push\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\rectangles\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\resizingpanels\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\shatter\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\specialoccasion\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\babygirl\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\flippage\ryukreadme.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\full\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\boldstri\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\blueprnt\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\bluecalm\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\equation\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\equation\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\euro\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\filters\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\grphflt\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\help\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\ar-sa\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\bg-bg\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\cs-cz\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\da-dk\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\de-de\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\web\ryukreadme.txt
- %CommonProgramFiles%\designer\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\et-ee\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fi-fi\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fr-fr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\numbers\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\oskmenu\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\osknumpad\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\oskpred\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\symbols\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\el-gr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\es-es\ryukreadme.txt
- %ProgramFiles%\ryukreadme.txt
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\ryukreadme.txt
- D:\$recycle.bin\ryukreadme.txt
- D:\$recycle.bin\s-1-5-21-3150914307-1777937420-491476919-1000\ryukreadme.txt
- C:\ryukreadme.txt
- C:\documents and settings\ryukreadme.txt
- C:\kms\ryukreadme.txt
- C:\msocache\ryukreadme.txt
- C:\msocache\all users\ryukreadme.txt
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- %CommonProgramFiles%\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\he-il\ryukreadme.txt
- D:\ryukreadme.txt
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\ryukreadme.txt
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\ryukreadme.txt
- C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\1033\ryukreadme.txt
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\ryukreadme.txt
- C:\perflogs\ryukreadme.txt
- C:\perflogs\admin\ryukreadme.txt
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\dw\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\hr-hr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.ww\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\onenote.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\outlook.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\powerpoint.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.en\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.es\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.fr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proofing.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proplus\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\publisher.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\word.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\smart tag\lists\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\source engine\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\stationery\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\textconv\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\textconv\en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\aftrnoon\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\arctic\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\axis\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\themes14\blends\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\proof\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\smart tag\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\smart tag\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\hu-hu\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\it-it\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\ja-jp\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\ko-kr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\lt-lt\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\lv-lv\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\nb-no\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\nl-nl\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\pl-pl\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\pt-br\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\pt-pt\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\ro-ro\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\ru-ru\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\sk-sk\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\hwrcustomization\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\sl-si\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\sv-se\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\th-th\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\tr-tr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\uk-ua\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\zh-cn\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\zh-tw\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\msclientdatamgr\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\msinfo\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\msinfo\en-us\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\1033\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\cultures\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\ryukreadme.txt
- %CommonProgramFiles%\microsoft shared\ink\sr-latn-cs\ryukreadme.txt
- %ProgramFiles%\microsoft office\ryukreadme.txt
- %ProgramFiles%\microsoft office\clipart\ryukreadme.txt
- C:\kms\kms_vl_all_aio_debug.log
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.msi
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlklr.cab
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publr.cab
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publishermui.msi
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publishermui.xml
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.msi
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\pptlr.cab
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.xml
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.msi
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\propsww.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.msi
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\owow32ww.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\propsww2.cab
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml
- C:\kms\kms_vl_all_aio.cmd
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.msi
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.xml
- '<SYSTEM32>\cmd.exe' /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "<Full path to file>" /f
- '<SYSTEM32>\reg.exe' ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "<Full path to file>" /f
- '<SYSTEM32>\cmd.exe' /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "<Full path to file>" /f (with hidden window)