Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- <SYSTEM32>\tasks\asos1
Modifies file system
Creates the following files
- %TEMP%\unpack1.log
- %WINDIR%\temp\cabd59a.tmp
- %WINDIR%\temp\tarbff7.tmp
- %WINDIR%\temp\cabbff6.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\temp\tara86f.tmp
- %WINDIR%\temp\caba86e.tmp
- %WINDIR%\temp\tard59b.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\c86bd7751d53f10f65aaad66bbdf33c7
- %TEMP%\splashtop\sos\launcher.txt
- %TEMP%\unpacksos\1\srfeatminisos.exe
- %TEMP%\unpacksos\1\$dpx$.tmp\83b28e024e8b8249a9c0e350e8fb6c4a.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\10c6ad2a660ed54896508dbeabdc67cf.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\ad91f4bb56cf2345b91cd3afd4db9db3.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\9f83647ebe2e2242a1d28939023103b7.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\f18db853d7d4d242af8ba94b34eb1bf5.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\c86bd7751d53f10f65aaad66bbdf33c7
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\698460a0b6e60f2f602361424d832905_8bb23d43de574e82f2bee0df0ec47eeb
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\698460a0b6e60f2f602361424d832905_8bb23d43de574e82f2bee0df0ec47eeb
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\c8e534ee129f27d55460ce17fd628216_1130d9b25898b0db0d4f04dc5b93f141
- %WINDIR%\temp\cab7623.tmp
- %WINDIR%\temp\tar609f.tmp
- %WINDIR%\temp\cab609e.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\local\gdipfontcachev1.dat
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\329b6147266c1e26cd774ea22b79ec2e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\329b6147266c1e26cd774ea22b79ec2e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\1a374813edb1a6631387e414d3e73232
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\1a374813edb1a6631387e414d3e73232
- %TEMP%\unpacksos\1\quicserver.cert
- %TEMP%\unpacksos\1\quicserver.key
- %TEMP%\splashtop\sos\01_splog.txt
- %TEMP%\splashtop\sos\01_sysinfo.txt
- %WINDIR%\temp\tar1ff5.tmp
- %WINDIR%\temp\cab1ff4.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\8ec9b1d0abbd7f98b401d425828828ce_9c79da33a1711362e9d071d2706bb651
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\8ec9b1d0abbd7f98b401d425828828ce_9c79da33a1711362e9d071d2706bb651
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\c8e534ee129f27d55460ce17fd628216_1130d9b25898b0db0d4f04dc5b93f141
- %TEMP%\unpacksos\1\$dpx$.tmp\849d517560d7654088d60d3e7e004df6.tmp
- %WINDIR%\temp\tar7624.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\4b92258a60db6a43b0b4d75a86386fe0.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\c1061eab6c54fd4e8588f0cc4409f3fa.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\396d939aed47a44da8115e7f338a026c.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\a5419132860a4341a8bad14c3d340ec7.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\479738c5fe226543a21bf978895ea7e3.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\9d70aafcc34a1b48ae71221bfb86b13a.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\aaa211909240d0489b886f9cecc29d32.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\0c738598ae158d43b196d6501294fea2.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\0d57f01481628743952eb69d2bd7a09b.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\029736d43c62704689bfd5f46ca0dfaa.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\498e0836fb72a34084a7716891c497cb.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\0ca791827fa51d4f8ec940ddcaae58da.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\63429d365317ce4a89229d8bfa8eb437.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\6f35d81d9f101d408fdcb073c7fd5fd0.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\a21fa821cbce364c948e90a63e619b24.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\0cbe2f2b4e5e6c418a498780c60c3dea.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\c5048b74581f1547be4713b9c7b146fa.tmp
- %TEMP%\unpacksos\1\streamer1.cab
- %TEMP%\unpacksos\1\$dpx$.tmp\9039c4793acd36429c88af100ba96e46.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\8ebeba4a654b1941b53abda40db6c185.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\1390b24cea77804dbe4580afddd76fe5.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\44255151d593ed4586308ee88a82a954.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\d848d4c979daed4fb2dc00aeaaa99b45.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\a6eda0d0be78e0429ec36027517e6ff5.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\30afba018a6f1f44bd1358de9413583d.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\9988a4f865b3dc4fa179311bee839091.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\f2209ba143788e43b46e51ba96aef66e.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\66ff6214dd8d8a4baa5be246bfeef4ae.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\981542fb6e86e34cbe1bba68ea873f1d.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\6da34b47018a954fb4cdc655a806dc87.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\5d9a5a98b7140840b22db8bcdec39e51.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\b4187405dc2caf4d85648ccebaa025d0.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\42825526be8dfe4e88a0dd1af4552d02.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\b125adca3d649240abc3b2eabc9b04c9.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\1e0863f255ea324ba461dc676bb28876.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\2ebe8063e227064594ed3ce8187bcf7f.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\fc5caeb82412c2458ee89d502cd71a4d.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\592b56e6082f904f907de66de2e15d2e.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\5472e713ab5b654c9f8b55bddc9a19c4.tmp
- %TEMP%\unpacksos\1\$dpx$.tmp\68fc2b4cab596a4089ca4f6636d68939.tmp
- %ALLUSERSPROFILE%\splashtop\splashtop remote server\credential\sdvalidationkey
Deletes the following files
- <SYSTEM32>\tasks\asos1
- %WINDIR%\temp\caba86e.tmp
- %WINDIR%\temp\tara86f.tmp
- %WINDIR%\temp\cabbff6.tmp
- %WINDIR%\temp\tarbff7.tmp
- %WINDIR%\temp\cabd59a.tmp
- %WINDIR%\temp\tard59b.tmp
- %WINDIR%\temp\cab1ff4.tmp
- %WINDIR%\temp\tar1ff5.tmp
- %WINDIR%\temp\cab609e.tmp
- %WINDIR%\temp\tar609f.tmp
- %WINDIR%\temp\cab7623.tmp
- %WINDIR%\temp\tar7624.tmp
Moves the following files
- from %TEMP%\unpacksos\1\$dpx$.tmp\c5048b74581f1547be4713b9c7b146fa.tmp to %TEMP%\unpacksos\1\acknowledgements.htm
- from %TEMP%\unpacksos\1\$dpx$.tmp\b125adca3d649240abc3b2eabc9b04c9.tmp to %TEMP%\unpacksos\1\legacy.cnf
- from %TEMP%\unpacksos\1\$dpx$.tmp\42825526be8dfe4e88a0dd1af4552d02.tmp to %TEMP%\unpacksos\1\legacy.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\b4187405dc2caf4d85648ccebaa025d0.tmp to %TEMP%\unpacksos\1\libcrypto-3.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\5d9a5a98b7140840b22db8bcdec39e51.tmp to %TEMP%\unpacksos\1\libssl-3.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\6da34b47018a954fb4cdc655a806dc87.tmp to %TEMP%\unpacksos\1\srsocketctrl.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\981542fb6e86e34cbe1bba68ea873f1d.tmp to %TEMP%\unpacksos\1\srserversos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\66ff6214dd8d8a4baa5be246bfeef4ae.tmp to %TEMP%\unpacksos\1\srservicesos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\f2209ba143788e43b46e51ba96aef66e.tmp to %TEMP%\unpacksos\1\srutilitysos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\9988a4f865b3dc4fa179311bee839091.tmp to %TEMP%\unpacksos\1\srvideoctrl.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\30afba018a6f1f44bd1358de9413583d.tmp to %TEMP%\unpacksos\1\srvideoctrlex.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\a6eda0d0be78e0429ec36027517e6ff5.tmp to %TEMP%\unpacksos\1\srvideoctrls.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\d848d4c979daed4fb2dc00aeaaa99b45.tmp to %TEMP%\unpacksos\1\srvideoctrlsex.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\c1061eab6c54fd4e8588f0cc4409f3fa.tmp to %TEMP%\unpacksos\1\srx264wrapper.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\68fc2b4cab596a4089ca4f6636d68939.tmp to %TEMP%\unpacksos\1\srx264wrapperex.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\4b92258a60db6a43b0b4d75a86386fe0.tmp to %TEMP%\unpacksos\1\srx264wrapperexx.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\849d517560d7654088d60d3e7e004df6.tmp to %TEMP%\unpacksos\1\srapppbsos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\f18db853d7d4d242af8ba94b34eb1bf5.tmp to %TEMP%\unpacksos\1\sropus.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\9f83647ebe2e2242a1d28939023103b7.tmp to %TEMP%\unpacksos\1\sraudioresample.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\ad91f4bb56cf2345b91cd3afd4db9db3.tmp to %TEMP%\unpacksos\1\sraudiochatsos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\1e0863f255ea324ba461dc676bb28876.tmp to %TEMP%\unpacksos\1\fips.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\10c6ad2a660ed54896508dbeabdc67cf.tmp to %TEMP%\unpacksos\1\avutil-55.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\2ebe8063e227064594ed3ce8187bcf7f.tmp to %TEMP%\unpacksos\1\fips.cnf
- from %TEMP%\unpacksos\1\$dpx$.tmp\592b56e6082f904f907de66de2e15d2e.tmp to %TEMP%\unpacksos\1\srfeaturesosnouia.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\0cbe2f2b4e5e6c418a498780c60c3dea.tmp to %TEMP%\unpacksos\1\launcher.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\a21fa821cbce364c948e90a63e619b24.tmp to %TEMP%\unpacksos\1\dbghelp.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\6f35d81d9f101d408fdcb073c7fd5fd0.tmp to %TEMP%\unpacksos\1\libcelt-0.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\63429d365317ce4a89229d8bfa8eb437.tmp to %TEMP%\unpacksos\1\libcurl.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\0ca791827fa51d4f8ec940ddcaae58da.tmp to %TEMP%\unpacksos\1\libx264-116.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\9039c4793acd36429c88af100ba96e46.tmp to %TEMP%\unpacksos\1\srserver.pem
- from %TEMP%\unpacksos\1\$dpx$.tmp\498e0836fb72a34084a7716891c497cb.tmp to %TEMP%\unpacksos\1\srclient.pem
- from %TEMP%\unpacksos\1\$dpx$.tmp\0d57f01481628743952eb69d2bd7a09b.tmp to %TEMP%\unpacksos\1\p_mount.bat
- from %TEMP%\unpacksos\1\$dpx$.tmp\0c738598ae158d43b196d6501294fea2.tmp to %TEMP%\unpacksos\1\p_unmount.bat
- from %TEMP%\unpacksos\1\$dpx$.tmp\aaa211909240d0489b886f9cecc29d32.tmp to %TEMP%\unpacksos\1\stprinter.cat
- from %TEMP%\unpacksos\1\$dpx$.tmp\9d70aafcc34a1b48ae71221bfb86b13a.tmp to %TEMP%\unpacksos\1\stprinterx.cat
- from %TEMP%\unpacksos\1\$dpx$.tmp\479738c5fe226543a21bf978895ea7e3.tmp to %TEMP%\unpacksos\1\stprinter.inf
- from %TEMP%\unpacksos\1\$dpx$.tmp\a5419132860a4341a8bad14c3d340ec7.tmp to %TEMP%\unpacksos\1\stprintmon_x86.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\396d939aed47a44da8115e7f338a026c.tmp to %TEMP%\unpacksos\1\stprintmon_x64.dll
- from %TEMP%\unpacksos\1\$dpx$.tmp\029736d43c62704689bfd5f46ca0dfaa.tmp to %TEMP%\unpacksos\1\reboot.bat
- from %TEMP%\unpacksos\1\$dpx$.tmp\8ebeba4a654b1941b53abda40db6c185.tmp to %TEMP%\unpacksos\1\asos.xml
- from %TEMP%\unpacksos\1\$dpx$.tmp\1390b24cea77804dbe4580afddd76fe5.tmp to %TEMP%\unpacksos\1\srappsos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\44255151d593ed4586308ee88a82a954.tmp to %TEMP%\unpacksos\1\srchatsos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\5472e713ab5b654c9f8b55bddc9a19c4.tmp to %TEMP%\unpacksos\1\srfeaturesos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\fc5caeb82412c2458ee89d502cd71a4d.tmp to %TEMP%\unpacksos\1\srmanagersos.exe
- from %TEMP%\unpacksos\1\$dpx$.tmp\83b28e024e8b8249a9c0e350e8fb6c4a.tmp to %TEMP%\unpacksos\1\swresample-2.dll
Network activity
Connects to
- 'microsoft.com':80
- '34########-83.relay.splashtop.com':443
- '14########8-248.relay.splashtop.com':443
- '3-#######65.relay.splashtop.com':443
- '15########-55.relay.splashtop.com':443
- '13########242.relay.splashtop.com':443
- '34#######51.relay.splashtop.com':443
- '15########254.relay.splashtop.com':443
- '35########-81.relay.splashtop.com':443
- '34########-169.relay.splashtop.com':443
- '14########163.relay.splashtop.com':443
- '34########-82.relay.splashtop.com':443
- '34########129.relay.splashtop.com':443
- '14########-176.relay.splashtop.com':443
- '34########-240.relay.splashtop.com':443
- '13########-59.relay.splashtop.com':443
- '34########-55.relay.splashtop.com':443
- '13########-145.relay.splashtop.com':443
- 'st###########os-srs-win-3601.api.splashtop.com':443
- 'st##########s-win-3601.api.splashtop.com':443
- 'st###########sos-srs-win-3601.api.splashtop.com':443
- 'st############os-srs-win-3601-g3.api.splashtop.com':443
- '20########7-193.relay.splashtop.com':443
- '14########4-20.relay.splashtop.com':443
TCP
HTTP GET requests
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
Other
- 'st############os-srs-win-3601-g3.api.splashtop.com':443
- '14########8-248.relay.splashtop.com':443
- '15########-55.relay.splashtop.com':443
- '34########-83.relay.splashtop.com':443
- '3-#######65.relay.splashtop.com':443
- '35########-81.relay.splashtop.com':443
- '15########254.relay.splashtop.com':443
- '13########242.relay.splashtop.com':443
- '34########-169.relay.splashtop.com':443
- '34#######51.relay.splashtop.com':443
- '14########4-20.relay.splashtop.com':443
- '14########163.relay.splashtop.com':443
- '34########-82.relay.splashtop.com':443
- '34########129.relay.splashtop.com':443
- '34########-240.relay.splashtop.com':443
- '13########-59.relay.splashtop.com':443
- '34########-55.relay.splashtop.com':443
- '13########-145.relay.splashtop.com':443
- 'st###########os-srs-win-3601.api.splashtop.com':443
- 'st##########s-win-3601.api.splashtop.com':443
- 'st###########sos-srs-win-3601.api.splashtop.com':443
- '14########-176.relay.splashtop.com':443
- '20########7-193.relay.splashtop.com':443
UDP
- DNS ASK microsoft.com
- DNS ASK 34########-83.relay.splashtop.com
- DNS ASK 34#######51.relay.splashtop.com
- DNS ASK 14########8-248.relay.splashtop.com
- DNS ASK 34########-169.relay.splashtop.com
- DNS ASK 3-#######65.relay.splashtop.com
- DNS ASK 15########254.relay.splashtop.com
- DNS ASK 13########242.relay.splashtop.com
- DNS ASK 15########-55.relay.splashtop.com
- DNS ASK 34########-82.relay.splashtop.com
- DNS ASK 35########-81.relay.splashtop.com
- DNS ASK 34########129.relay.splashtop.com
- DNS ASK 14########163.relay.splashtop.com
- DNS ASK 34########-240.relay.splashtop.com
- DNS ASK 13########-59.relay.splashtop.com
- DNS ASK 14########-176.relay.splashtop.com
- DNS ASK 34########-55.relay.splashtop.com
- DNS ASK 13########-145.relay.splashtop.com
- DNS ASK st###########os-srs-win-3601.api.splashtop.com
- DNS ASK st##########s-win-3601.api.splashtop.com
- DNS ASK st###########sos-srs-win-3601.api.splashtop.com
- DNS ASK st############os-srs-win-3601-g3.api.splashtop.com
- DNS ASK 20########7-193.relay.splashtop.com
- DNS ASK 14########4-20.relay.splashtop.com
Miscellaneous
Searches for the following windows
- ClassName: 'SplashtopRemoteAttendedSupport' WindowName: ''
Creates and executes the following
- '%TEMP%\unpacksos\1\launcher.exe' SRManagerSOS.exe 1
- '%TEMP%\unpacksos\1\srmanagersos.exe'
- '%TEMP%\unpacksos\1\srserversos.exe' -s
- '%TEMP%\unpacksos\1\srapppbsos.exe'
- '%TEMP%\unpacksos\1\srfeaturesos.exe'
- '%TEMP%\unpacksos\1\srutilitysos.exe' -r
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\expand.exe *.cab /f:* .\' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c schtasks /change /tn ASOS1 /ru "system" /tr "'%TEMP%\unpacksos\1\\Launcher.exe' SRManagerSOS.exe 1 "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c schtasks /run /tn ASOS1' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c schtasks /delete /f /tn ASOS1' (with hidden window)
- '%TEMP%\unpacksos\1\launcher.exe' SRManagerSOS.exe 1' (with hidden window)
- '%TEMP%\unpacksos\1\srmanagersos.exe' ' (with hidden window)
- '%TEMP%\unpacksos\1\srfeaturesos.exe' ' (with hidden window)
- '%TEMP%\unpacksos\1\srutilitysos.exe' -r' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\expand.exe *.cab /f:* .\
- '<SYSTEM32>\expand.exe' *.cab /f:* .\
- '<SYSTEM32>\cmd.exe' /c schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1
- '<SYSTEM32>\schtasks.exe' /create /xml ASOS.xml /ru "system" /tn ASOS1
- '<SYSTEM32>\cmd.exe' /c schtasks /change /tn ASOS1 /ru "system" /tr "'%TEMP%\unpacksos\1\\Launcher.exe' SRManagerSOS.exe 1 "
- '<SYSTEM32>\schtasks.exe' /change /tn ASOS1 /ru "system" /tr "'%TEMP%\unpacksos\1\\Launcher.exe' SRManagerSOS.exe 1 "
- '<SYSTEM32>\cmd.exe' /c schtasks /run /tn ASOS1
- '<SYSTEM32>\schtasks.exe' /run /tn ASOS1
- '<SYSTEM32>\cmd.exe' /c schtasks /delete /f /tn ASOS1
- '<SYSTEM32>\schtasks.exe' /delete /f /tn ASOS1
