Elex Hijacker
Posted: April 1, 2015
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 23 |
|---|---|
| Threat Level: | 5/10 |
| Infected PCs: | 4,692,346 |
| First Seen: | April 1, 2015 |
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
The Elex Hijacker is a browser hijacker: a threat that forces your browser to load unwanted websites. Most browser hijackers lack any formal recognition for being a threat, but malware researchers do consider removing the Elex Hijacker and similar software an essential baseline for your safety while browsing the Web. Using standard anti-adware and anti-malware tools for cleaning your PC can provide the best assurance for the removal of an Elex Hijacker along with all settings changes.
The Internet Entertainment that Came by Force
Purveyors of unwanted software and services rarely limit themselves to just one such business venture and may utilize multiple domains and brand names that show few differences from past offerings. Hichina Zhicheng Technology is one company with a prior reputation for trafficking in questionable payment-processing domains and Yet Another Cleaner (or YAC) scamware, and it may also be expanding into browser-hijacking apps. The sample currently being investigated by malware experts, the Elex Hijacker, promotes Elex.com, one of the company's entertainment product websites. The site is designed for Chinese audiences, although targets of unwanted software installations from the same company have spanned other countries around the world.
Browsers modified by an Elex Hijacker may show symptoms as outlined below:
- Your browser's homepage, search engine, or default new tab may lock itself to Elex.com.
- Your browser may load additional, Elex brand-affiliated advertisements that inject themselves into unrelated Web pages.
Unlike some of the more overt browser-hijacking products malware researchers see, the Elex Hijacker is not associated with toolbars or other browser apps that include visible user-interface elements. As per the usual standards for Potentially Unwanted Software, an Elex Hijacker overrides all default browser settings. The full range of browsers targeted by the Elex Hijacker campaign is still being confirmed, although popular brands like Chrome and Internet Explorer are likely to be included.
Because Elex.com hosts no threatening content, your browser security products are not likely to display warnings after your browser redirects itself to this site.
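Since browser security products may stay silent about this redirect, the settings themselves can be checked instead. The following is an added example, not part of the original article: it walks a parsed browser preferences file and reports every setting whose URL host is Elex.com or a subdomain, ignoring look-alike hosts. The sample data is constructed, and its key names are an assumption modeled on the layout of Chrome's Preferences JSON.

```python
import json
from urllib.parse import urlsplit

HIJACK_DOMAIN = "elex.com"  # the domain this page says the hijacker promotes


def host_matches(url, domain=HIJACK_DOMAIN):
    """True if the URL's host is the domain itself or one of its subdomains."""
    if "://" not in url:
        url = "http://" + url  # settings may store scheme-less URLs
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # malformed value, not a usable URL
    # Compare on a label boundary so "notelex.com" does not match.
    return host == domain or host.endswith("." + domain)


def find_hijacked_settings(node, path=""):
    """Walk parsed preferences JSON; return (json_path, value) for each hit."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_hijacked_settings(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_hijacked_settings(value, f"{path}/{index}")
    elif isinstance(node, str) and host_matches(node):
        hits.append((path, node))
    return hits


# Constructed sample (assumed key layout, not taken from a real infection).
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://www.elex.com/?from=setup",
  "homepage_is_newtab": false,
  "session": {"restore_on_startup": 4,
              "startup_urls": ["https://elex.com/", "https://example.org/"]},
  "default_search_provider_data": {"template_url_data": {
      "url": "http://www.elex.com/?q={searchTerms}"}},
  "bookmarks": ["https://notelex.com/", "https://elex.com.example.net/x"]
}
""")

if __name__ == "__main__":
    for json_path, value in find_hijacked_settings(SAMPLE_PREFS):
        print(f"{json_path}: {value}")
```

Run it against a copy of the profile's preferences file after cleanup; an empty result means no remaining setting points at the domain.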
Redirecting Your Browser out of a Hijacking
Products that have no purpose beyond exerting control over your browser are unlikely to provide any features worth that security risk. Although the Elex Hijacker isn't currently classified as a threat, like most PUPs, its presence may put your Web-browsing safety in danger by unintentionally redirecting you to harmful websites or exposing you to advertisements with deceptive content. Whether or not you regularly use a Web browser being modified by an Elex Hijacker, removing this PUP and software related to the Elex Hijacker always should be strongly considered.
When uninstalling an Elex Hijacker, reboot your computer and load the Advanced Boot Options menu by pressing F8 before your operating system loads. Selecting any Safe Mode option will let your OS launch only with essential programs, ideally blocking the automated launching of any unwanted or harmful software. From that sterile environment, scan your computer with your preferred security solution, reset the affected browser's cache, and reboot. Any scans may also find additional Potentially Unwanted Programs on your PC alongside the Elex Hijacker, such as variants of YAC or Adware.Graftor, which are noted for being affiliated with Elex.com's company.
Since the Elex Hijacker distribution model is still being investigated, malware researchers can only recommend generalized security protocols, such as scanning downloads and blocking in-browser scripts, for avoiding this threat.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
Registry Modifications
HKEY..\..\..\..{RegistryKeys}
- SOFTWARE\ompndb
- SOFTWARE\WOW6432Node\ompndb