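Technical Information
The entries below are the indicators listed for this sample: service registry values, file paths, file renames ("from … to …"), HTTP download URLs, DNS queries and process command lines. Domain names appear partially masked with '#'.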
- [<HKLM>\System\CurrentControlSet\Services\Connector] 'Start' = '00000002' (Start value 2 = the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\Connector] 'ImagePath' = '%ALLUSERSPROFILE%\plx\connector.exe'
- 'Connector' %ALLUSERSPROFILE%\plx\connector.exe
- %ALLUSERSPROFILE%\plxdata\log\launcher.log
- %ALLUSERSPROFILE%\plx\cui.exe.zip.temp
- %ALLUSERSPROFILE%\plx\cui.exe.temp
- %ALLUSERSPROFILE%\plx\launcher.exe.zip.temp
- %ALLUSERSPROFILE%\plx\launcher.exe.temp
- %ALLUSERSPROFILE%\plx\pc.dll.zip.temp
- %ALLUSERSPROFILE%\plx\pc.dll.temp
- %ALLUSERSPROFILE%\plx\rdp.dll.zip.temp
- %ALLUSERSPROFILE%\plx\rdp.dll.temp
- %ALLUSERSPROFILE%\plx\rdp.exe.zip.temp
- %ALLUSERSPROFILE%\plx\rdp.exe.temp
- %ALLUSERSPROFILE%\plx\rdp.ini.zip.temp
- %ALLUSERSPROFILE%\plx\rdp.ini.temp
- %ALLUSERSPROFILE%\plx\ri.exe.zip.temp
- %ALLUSERSPROFILE%\plx\ri.exe.temp
- %TEMP%\pilixo.log.copy\launcher.log
- %ALLUSERSPROFILE%\plxdata\repo\remo\ipc\remotocol\port
- %TEMP%\log.zip
- %ALLUSERSPROFILE%\plx\connector.properties.default.0
- %ALLUSERSPROFILE%\plxdata\log\connector.log
- %ALLUSERSPROFILE%\plx\first.time.install.log
- %TEMP%\test.log
- %ALLUSERSPROFILE%\plxdata\log\remo\service\rc.exe_604.log
- %ALLUSERSPROFILE%\plxdata\log\rc.log
- %ALLUSERSPROFILE%\plxdata\log\launcher.1.log
- %WINDIR%\temp\pilixo.temp.manifest.temp
- %ALLUSERSPROFILE%\plxdata\log\pistacchio\service\bcc.exe_2280.log
- %ALLUSERSPROFILE%\plx\bc\pips-client.manifest
- %ALLUSERSPROFILE%\plxdata\log\bcc.log
- %ALLUSERSPROFILE%\plxdata\repo\remo\realm
- %ALLUSERSPROFILE%\plxdata\repo\remo\unattended_silent
- %ALLUSERSPROFILE%\plx\connector.exe.temp
- %ALLUSERSPROFILE%\plx\launcher.temp.exe
- %ALLUSERSPROFILE%\plx\connector.exe.zip.temp
- %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll.zip.temp
- unc\atvnvmk*\mailslot\net\netlogon
- %TEMP%\pilixo.temp.manifest.temp
- %ALLUSERSPROFILE%\plx\bc\bcc.exe.zip.temp
- %ALLUSERSPROFILE%\plx\bc\bcc.exe.temp
- %ALLUSERSPROFILE%\plx\bc\msvcp120.dll.zip.temp
- %ALLUSERSPROFILE%\plx\bc\msvcp120.dll.temp
- %ALLUSERSPROFILE%\plx\bc\msvcr120.dll.zip.temp
- %ALLUSERSPROFILE%\plx\bc\msvcr120.dll.temp
- %ALLUSERSPROFILE%\plx\bc\sr.dll.zip.temp
- %ALLUSERSPROFILE%\plx\bc\sr.dll.temp
- %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll.zip.temp
- %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll.temp
- %ALLUSERSPROFILE%\plx\rc\rc.exe.zip.temp
- %ALLUSERSPROFILE%\plx\rc\rc.exe.temp
- %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll.temp
- %ALLUSERSPROFILE%\plx\art\video-export.zip.temp
- %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg.zip.temp
- %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg.temp
- %ALLUSERSPROFILE%\plx\connector.properties
- %ALLUSERSPROFILE%\plxdata\art\logo-wide-120.temp
- %ALLUSERSPROFILE%\plxdata\art\icon.temp
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\bcc.exe
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\msvcp120.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\msvcr120.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\sr.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\vccorlib120.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\connector.properties
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\rc\rc.exe
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\rc\screencapturedx.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\rc\wallpaper.jpg
- %ALLUSERSPROFILE%\plx\art\video-export.temp
- %ALLUSERSPROFILE%\plx\rc\plxo-rc.manifest
- %TEMP%\pilixo.temp.manifest
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\rc\wallpaper.jpg
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\rc\screencapturedx.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\rc\rc.exe
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\connector.properties
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\vccorlib120.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\sr.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\msvcr120.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\msvcp120.dll
- %ALLUSERSPROFILE%\plx\pilixo_connector_tmp\bc\bcc.exe
- %ALLUSERSPROFILE%\plx\launcher.temp.exe
- %TEMP%\log.zip
- %TEMP%\pilixo.log.copy\launcher.log
- %ALLUSERSPROFILE%\plx\ri.exe.zip
- %ALLUSERSPROFILE%\plx\rdp.ini.zip
- %ALLUSERSPROFILE%\plx\rdp.exe.zip
- %ALLUSERSPROFILE%\plx\rdp.dll.zip
- %ALLUSERSPROFILE%\plx\pc.dll.zip
- %ALLUSERSPROFILE%\plx\launcher.exe.zip
- %ALLUSERSPROFILE%\plx\cui.exe.zip
- %ALLUSERSPROFILE%\plx\connector.exe.zip
- %ALLUSERSPROFILE%\plx\art\video-export.zip
- %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg.zip
- %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll.zip
- %ALLUSERSPROFILE%\plx\rc\rc.exe.zip
- %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll.zip
- %ALLUSERSPROFILE%\plx\bc\sr.dll.zip
- %ALLUSERSPROFILE%\plx\bc\msvcr120.dll.zip
- %ALLUSERSPROFILE%\plx\bc\msvcp120.dll.zip
- %ALLUSERSPROFILE%\plx\bc\bcc.exe.zip
- %TEMP%\test.log
- %WINDIR%\temp\pilixo.temp.manifest
- from %TEMP%\pilixo.temp.manifest.temp to %TEMP%\pilixo.temp.manifest
- from %ALLUSERSPROFILE%\plx\connector.exe.temp to %ALLUSERSPROFILE%\plx\connector.exe
- from %ALLUSERSPROFILE%\plx\cui.exe.zip.temp to %ALLUSERSPROFILE%\plx\cui.exe.zip
- from %ALLUSERSPROFILE%\plx\cui.exe.temp to %ALLUSERSPROFILE%\plx\cui.exe
- from %ALLUSERSPROFILE%\plx\launcher.exe.zip.temp to %ALLUSERSPROFILE%\plx\launcher.exe.zip
- from %ALLUSERSPROFILE%\plx\launcher.exe.temp to %ALLUSERSPROFILE%\plx\launcher.exe
- from %ALLUSERSPROFILE%\plx\pc.dll.zip.temp to %ALLUSERSPROFILE%\plx\pc.dll.zip
- from %ALLUSERSPROFILE%\plx\pc.dll.temp to %ALLUSERSPROFILE%\plx\pc.dll
- from %ALLUSERSPROFILE%\plx\rdp.dll.zip.temp to %ALLUSERSPROFILE%\plx\rdp.dll.zip
- from %ALLUSERSPROFILE%\plx\rdp.dll.temp to %ALLUSERSPROFILE%\plx\rdp.dll
- from %ALLUSERSPROFILE%\plx\rdp.exe.zip.temp to %ALLUSERSPROFILE%\plx\rdp.exe.zip
- from %ALLUSERSPROFILE%\plx\rdp.exe.temp to %ALLUSERSPROFILE%\plx\rdp.exe
- from %ALLUSERSPROFILE%\plx\rdp.ini.zip.temp to %ALLUSERSPROFILE%\plx\rdp.ini.zip
- from %ALLUSERSPROFILE%\plx\rdp.ini.temp to %ALLUSERSPROFILE%\plx\rdp.ini
- from %ALLUSERSPROFILE%\plx\ri.exe.zip.temp to %ALLUSERSPROFILE%\plx\ri.exe.zip
- from %ALLUSERSPROFILE%\plx\ri.exe.temp to %ALLUSERSPROFILE%\plx\ri.exe
- from %WINDIR%\temp\pilixo.temp.manifest.temp to %WINDIR%\temp\pilixo.temp.manifest
- from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\accessibility.api to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\accessibility.api.bak
- from %ALLUSERSPROFILE%\plx\connector.exe.zip.temp to %ALLUSERSPROFILE%\plx\connector.exe.zip
- from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\makeaccessible.api to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\makeaccessible.api.bak
- from %ALLUSERSPROFILE%\plx\art\video-export.temp to %ALLUSERSPROFILE%\plx\art\video-export
- from %ALLUSERSPROFILE%\plxdata\art\icon.temp to %ALLUSERSPROFILE%\plxdata\art\icon
- from %ALLUSERSPROFILE%\plx\bc\bcc.exe.zip.temp to %ALLUSERSPROFILE%\plx\bc\bcc.exe.zip
- from %ALLUSERSPROFILE%\plx\bc\bcc.exe.temp to %ALLUSERSPROFILE%\plx\bc\bcc.exe
- from %ALLUSERSPROFILE%\plx\bc\msvcp120.dll.zip.temp to %ALLUSERSPROFILE%\plx\bc\msvcp120.dll.zip
- from %ALLUSERSPROFILE%\plx\bc\msvcp120.dll.temp to %ALLUSERSPROFILE%\plx\bc\msvcp120.dll
- from %ALLUSERSPROFILE%\plx\bc\msvcr120.dll.zip.temp to %ALLUSERSPROFILE%\plx\bc\msvcr120.dll.zip
- from %ALLUSERSPROFILE%\plx\bc\msvcr120.dll.temp to %ALLUSERSPROFILE%\plx\bc\msvcr120.dll
- from %ALLUSERSPROFILE%\plx\bc\sr.dll.zip.temp to %ALLUSERSPROFILE%\plx\bc\sr.dll.zip
- from %ALLUSERSPROFILE%\plx\bc\sr.dll.temp to %ALLUSERSPROFILE%\plx\bc\sr.dll
- from %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll.zip.temp to %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll.zip
- from %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll.temp to %ALLUSERSPROFILE%\plx\bc\vccorlib120.dll
- from %ALLUSERSPROFILE%\plx\rc\rc.exe.zip.temp to %ALLUSERSPROFILE%\plx\rc\rc.exe.zip
- from %ALLUSERSPROFILE%\plx\rc\rc.exe.temp to %ALLUSERSPROFILE%\plx\rc\rc.exe
- from %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll.zip.temp to %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll.zip
- from %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll.temp to %ALLUSERSPROFILE%\plx\rc\screencapturedx.dll
- from %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg.zip.temp to %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg.zip
- from %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg.temp to %ALLUSERSPROFILE%\plx\rc\wallpaper.jpg
- from %ALLUSERSPROFILE%\plxdata\art\logo-wide-120.temp to %ALLUSERSPROFILE%\plxdata\art\logo-wide-120
- from %ALLUSERSPROFILE%\plx\art\video-export.zip.temp to %ALLUSERSPROFILE%\plx\art\video-export.zip
- from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\readoutloud.api to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\readoutloud.api.bak
- %TEMP%\pilixo.temp.manifest.temp
- %TEMP%\pilixo.temp.manifest
- %ALLUSERSPROFILE%\plxdata\art\logo-wide-120.temp
- %ALLUSERSPROFILE%\plxdata\art\icon.temp
- %ALLUSERSPROFILE%\plx\launcher.temp.exe
- %WINDIR%\temp\pilixo.temp.manifest.temp
- %WINDIR%\temp\pilixo.temp.manifest
- http://do####ad.pilixo.com/prod/2.7.0.30/apps/pistacchio/binaries/windows/64/bcc.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/rdp.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/rdp.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/pc.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/launcher.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/cui.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/connector.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/rdp.ini.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/art/video-export.zip
- http://do####ad.pilixo.com/prod/2.7.0.14/apps/remo/binaries/windows/64/screencapturedx.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.14/apps/remo/binaries/windows/64/rc.exe.zip
- http://do####ad.pilixo.com/prod/2.7.0.30/apps/pistacchio/binaries/windows/64/vccorlib120.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.30/apps/pistacchio/binaries/windows/64/sr.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.30/apps/pistacchio/binaries/windows/64/msvcr120.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.30/apps/pistacchio/binaries/windows/64/msvcp120.dll.zip
- http://do####ad.pilixo.com/prod/2.7.0.14/apps/remo/binaries/windows/64/wallpaper.jpg.zip
- http://do####ad.pilixo.com/prod/2.7.0.20/binaries/windows/64/ri.exe.zip
- DNS ASK s3.###zonaws.com
- DNS ASK pr##.pilixo.com
- DNS ASK do####ad.pilixo.com
- DNS ASK s3######st-1.amazonaws.com
- DNS ASK pr######nector.pilixo.com
- '%ALLUSERSPROFILE%\plx\connector.exe'
- '%ALLUSERSPROFILE%\plx\bc\bcc.exe' /connectionIndex=0 /main_ipc_port=49208-0.u
- '%ALLUSERSPROFILE%\plx\rc\rc.exe' -appId=PLXO-RC /connectionIndex=0 /main_ipc_port=49208-0.u
- '%ALLUSERSPROFILE%\plx\launcher.temp.exe' /session_token= /operation=connector.validateproducts /orgid=d8960e66-4533-11e6-989d-ff09af8c3852 /id=7a09e5a0-d428-48ff-a249-acf6a428c95a /realm=prod /bodiStealthMode=1 /silent' (with hidden window)
- '%ALLUSERSPROFILE%\plx\bc\bcc.exe' /connectionIndex=0 /main_ipc_port=49208-0.u' (with hidden window)
- '%ALLUSERSPROFILE%\plx\rc\rc.exe' -appId=PLXO-RC /connectionIndex=0 /main_ipc_port=49208-0.u' (with hidden window)
- '%WINDIR%\syswow64\ipconfig.exe' /flushdns