PLUGUIN.EXE – Suspicious File removal

PLUGUIN.EXE size: 822655 bytes
PLUGUIN.EXE hash: 0D1A20377070F65F57CE015ABC40EAAF

Created files:

%SysDir%\Microsoft\Pluguin.exe
%TEMP%\UuU.uUu
%TEMP%\XxX.xXx

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{J72R2L0W-OA82-6FD4-6Y8Y-45YORB14BRAV}\StubPath: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D006900630072006F0073006F00660074005C0050006C0075006700750069006E002E006500780065000000
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D006900630072006F0073006F00660074005C0050006C0075006700750069006E002E006500780065000000
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Avgnt: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D006900630072006F0073006F00660074005C0050006C0075006700750069006E002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D006900630072006F0073006F00660074005C0050006C0075006700750069006E002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Avirnt: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D006900630072006F0073006F00660074005C0050006C0075006700750069006E002E006500780065000000

Detected by UnHackMe:

PLUGUIN.EXE
Default location: %SYSDIR%\MICROSOFT\PLUGUIN.EXE

Dropper information:
MD5: 0d1a20377070f65f57ce015abc40eaaf
File size: 822655 bytes