Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Connector] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\Connector] 'ImagePath' = '%PROGRAMDATA%\plx\connector.exe'
- %PROGRAMDATA%\plxdata\log\launcher.log
- %PROGRAMDATA%\plx\pc.dll.zip.temp
- %PROGRAMDATA%\plx\pc.dll.temp
- %PROGRAMDATA%\plx\rdp.dll.zip.temp
- %PROGRAMDATA%\plx\rdp.dll.temp
- %PROGRAMDATA%\plx\rdp.exe.zip.temp
- %PROGRAMDATA%\plx\rdp.exe.temp
- %PROGRAMDATA%\plx\rdp.ini.zip.temp
- %PROGRAMDATA%\plx\rdp.ini.temp
- %PROGRAMDATA%\plx\ri.exe.zip.temp
- %PROGRAMDATA%\plx\ri.exe.temp
- %PROGRAMDATA%\plx\launcher.temp.exe
- %TEMP%\pilixo.log.copy\launcher.log
- %TEMP%\log.zip
- %PROGRAMDATA%\plx\connector.properties.default.0
- %PROGRAMDATA%\plxdata\log\connector.log
- %PROGRAMDATA%\plx\first.time.install.log
- %TEMP%\test.log
- %PROGRAMDATA%\plxdata\log\remo\service\rc.exe_1892.log
- %PROGRAMDATA%\plxdata\log\rc.log
- %PROGRAMDATA%\plx\launcher.exe.temp
- %PROGRAMDATA%\plxdata\log\cui.log
- %PROGRAMDATA%\plx\launcher.exe.zip.temp
- %PROGRAMDATA%\plx\cui.exe.zip.temp
- unc\oagtybiv*\mailslot\net\netlogon
- %TEMP%\pilixo.temp.manifest.temp
- %PROGRAMDATA%\plx\rc\rc.exe.zip.temp
- %PROGRAMDATA%\plx\rc\rc.exe.temp
- %PROGRAMDATA%\plx\rc\screencapturedx.dll.zip.temp
- %PROGRAMDATA%\plx\rc\screencapturedx.dll.temp
- %PROGRAMDATA%\plx\rc\wallpaper.jpg.zip.temp
- %PROGRAMDATA%\plx\rc\wallpaper.jpg.temp
- %PROGRAMDATA%\plx\connector.properties
- %PROGRAMDATA%\plxdata\art\logo-wide-120.temp
- %PROGRAMDATA%\plxdata\art\icon.temp
- %PROGRAMDATA%\plx\pilixo_connector_tmp\connector.properties
- %PROGRAMDATA%\plx\pilixo_connector_tmp\rc\rc.exe
- %PROGRAMDATA%\plx\pilixo_connector_tmp\rc\screencapturedx.dll
- %PROGRAMDATA%\plx\pilixo_connector_tmp\rc\wallpaper.jpg
- %PROGRAMDATA%\plx\art\video-export.zip.temp
- %PROGRAMDATA%\plx\art\video-export.temp
- %PROGRAMDATA%\plx\connector.exe.zip.temp
- %PROGRAMDATA%\plx\connector.exe.temp
- %PROGRAMDATA%\plx\cui.exe.temp
- %PROGRAMDATA%\plxdata\log\launcher.1.log
- %TEMP%\pilixo.temp.manifest
- %PROGRAMDATA%\plx\pilixo_connector_tmp\rc\wallpaper.jpg
- %PROGRAMDATA%\plx\pilixo_connector_tmp\rc\screencapturedx.dll
- %PROGRAMDATA%\plx\pilixo_connector_tmp\rc\rc.exe
- %PROGRAMDATA%\plx\pilixo_connector_tmp\connector.properties
- %TEMP%\log.zip
- %TEMP%\pilixo.log.copy\launcher.log
- %PROGRAMDATA%\plx\ri.exe.zip
- %PROGRAMDATA%\plx\rdp.ini.zip
- %PROGRAMDATA%\plx\launcher.temp.exe
- %PROGRAMDATA%\plx\rdp.exe.zip
- %PROGRAMDATA%\plx\pc.dll.zip
- %PROGRAMDATA%\plx\launcher.exe.zip
- %PROGRAMDATA%\plx\cui.exe.zip
- %PROGRAMDATA%\plx\connector.exe.zip
- %PROGRAMDATA%\plx\art\video-export.zip
- %PROGRAMDATA%\plx\rc\wallpaper.jpg.zip
- %PROGRAMDATA%\plx\rc\screencapturedx.dll.zip
- %PROGRAMDATA%\plx\rc\rc.exe.zip
- %PROGRAMDATA%\plx\rdp.dll.zip
- %TEMP%\test.log
- from %TEMP%\pilixo.temp.manifest.temp to %TEMP%\pilixo.temp.manifest
- from %PROGRAMDATA%\plx\rdp.ini.temp to %PROGRAMDATA%\plx\rdp.ini
- from %PROGRAMDATA%\plx\rdp.ini.zip.temp to %PROGRAMDATA%\plx\rdp.ini.zip
- from %PROGRAMDATA%\plx\rdp.exe.temp to %PROGRAMDATA%\plx\rdp.exe
- from %PROGRAMDATA%\plx\rdp.exe.zip.temp to %PROGRAMDATA%\plx\rdp.exe.zip
- from %PROGRAMDATA%\plx\rdp.dll.temp to %PROGRAMDATA%\plx\rdp.dll
- from %PROGRAMDATA%\plx\rdp.dll.zip.temp to %PROGRAMDATA%\plx\rdp.dll.zip
- from %PROGRAMDATA%\plx\pc.dll.temp to %PROGRAMDATA%\plx\pc.dll
- from %PROGRAMDATA%\plx\pc.dll.zip.temp to %PROGRAMDATA%\plx\pc.dll.zip
- from %PROGRAMDATA%\plx\launcher.exe.temp to %PROGRAMDATA%\plx\launcher.exe
- from %PROGRAMDATA%\plx\launcher.exe.zip.temp to %PROGRAMDATA%\plx\launcher.exe.zip
- from %PROGRAMDATA%\plx\cui.exe.temp to %PROGRAMDATA%\plx\cui.exe
- from %PROGRAMDATA%\plx\ri.exe.zip.temp to %PROGRAMDATA%\plx\ri.exe.zip
- from %PROGRAMDATA%\plx\cui.exe.zip.temp to %PROGRAMDATA%\plx\cui.exe.zip
- from %PROGRAMDATA%\plx\connector.exe.zip.temp to %PROGRAMDATA%\plx\connector.exe.zip
- from %PROGRAMDATA%\plx\art\video-export.temp to %PROGRAMDATA%\plx\art\video-export
- from %PROGRAMDATA%\plx\art\video-export.zip.temp to %PROGRAMDATA%\plx\art\video-export.zip
- from %PROGRAMDATA%\plxdata\art\icon.temp to %PROGRAMDATA%\plxdata\art\icon
- from %PROGRAMDATA%\plxdata\art\logo-wide-120.temp to %PROGRAMDATA%\plxdata\art\logo-wide-120
- from %PROGRAMDATA%\plx\rc\wallpaper.jpg.temp to %PROGRAMDATA%\plx\rc\wallpaper.jpg
- from %PROGRAMDATA%\plx\rc\wallpaper.jpg.zip.temp to %PROGRAMDATA%\plx\rc\wallpaper.jpg.zip
- from %PROGRAMDATA%\plx\rc\screencapturedx.dll.temp to %PROGRAMDATA%\plx\rc\screencapturedx.dll
- from %PROGRAMDATA%\plx\rc\screencapturedx.dll.zip.temp to %PROGRAMDATA%\plx\rc\screencapturedx.dll.zip
- from %PROGRAMDATA%\plx\rc\rc.exe.temp to %PROGRAMDATA%\plx\rc\rc.exe
- from %PROGRAMDATA%\plx\rc\rc.exe.zip.temp to %PROGRAMDATA%\plx\rc\rc.exe.zip
- from %PROGRAMDATA%\plx\connector.exe.temp to %PROGRAMDATA%\plx\connector.exe
- from %PROGRAMDATA%\plx\ri.exe.temp to %PROGRAMDATA%\plx\ri.exe
- %TEMP%\pilixo.temp.manifest.temp
- %TEMP%\pilixo.temp.manifest
- %PROGRAMDATA%\plxdata\art\logo-wide-120.temp
- %PROGRAMDATA%\plxdata\art\icon.temp
- %PROGRAMDATA%\plx\launcher.temp.exe
- http://do####ad.pilixo.com/prod/2.7.0.10/apps/remo/binaries/windows/64/rc.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.10/apps/remo/binaries/windows/64/screencapturedx.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.10/apps/remo/binaries/windows/64/wallpaper.jpg.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/art/video-export.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/connector.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/cui.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/launcher.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/pc.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/rdp.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/rdp.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/rdp.ini.zip
- http://do####ad.pilixo.com/prod/2.7.0.12/binaries/windows/64/ri.exe.zip
- DNS ASK s3.###zonaws.com
- DNS ASK pr##.pilixo.com
- DNS ASK do####ad.pilixo.com
- DNS ASK s3######st-1.amazonaws.com
- DNS ASK pr######nector.pilixo.com
- '%PROGRAMDATA%\plx\connector.exe'
- '%PROGRAMDATA%\plx\rc\rc.exe' -appId=PLXO-RC /connectionIndex=0 /main_ipc_port=49202-0.u
- '%PROGRAMDATA%\plx\cui.exe'
- '%PROGRAMDATA%\plx\rc\rc.exe' -appId=PLXO-RC /connectionIndex=0 /main_ipc_port=49202-0.u (with hidden window)
- '%PROGRAMDATA%\plx\launcher.temp.exe' /session_token= /operation=connector.validateproducts /orgid=d3061238-8f06-4bd4-9031-07b93ac34be0 /id=e6a5221f-39fb-466f-9837-ed0942530e1e /realm=prod /bodiStealthMode=0 /silent (with hidden window)
- '%PROGRAMDATA%\plx\cui.exe' (with hidden window)
- '%WINDIR%\syswow64\ipconfig.exe' /flushdns