Elex Hijacker
Posted: April 1, 2015
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 26 |
|---|---|
| Threat Level: | 5/10 |
| Infected PCs: | 4,503,987 |
| First Seen: | April 1, 2015 |
|---|---|
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
The Elex Hijacker is a browser hijacker: a threat that forces your browser to load unwanted websites. Most browser hijackers lack any formal recognition for being a threat, but malware researchers do consider removing the Elex Hijacker and similar software an essential baseline for your safety while browsing the Web. Using standard anti-adware and anti-malware tools for cleaning your PC can provide the best assurance for the removal of an Elex Hijacker along with all settings changes.
The Internet Entertainment that Came by Force
Purveyors of unwanted software and services rarely limit themselves to just one such business venture and may utilize multiple domains and brand names that show few differences from past offerings. The Hichina Zhicheng Technology is one company with a previous name for trafficking in questionable payment-processing domains and Yet Another Cleaner (or YAC) scamware, but also may be expanding into browser-hijacking apps. The sample currently being investigated by malware experts, the Elex Hijacker, promotes Elex.com, one of the company's entertainment product websites. The site is designed for Chinese audiences, although targets of unwanted software installations from the same company have spanned other countries around the world.
Browsers modified by an Elex Hijacker may show symptoms as outlined below:
- Your browser's homepage, search engine, or default new tab may lock itself to Elex.com.
- Your browser may load additional, Elex brand-affiliated advertisements that inject themselves into unrelated Web pages.
Unlike some of the more overt, browser-hijacking products malware researchers see, the Elex Hijacker is unassociated with toolbars or other browser apps that include visible User-Interface elements. As per the usual standards for Potentially Unwanted Software, an Elex Hijacker overrides all default browser settings. The full range of browsers being targeted by the Elex Hijacker campaign still is under confirmation, although popular brands like Chrome and Internet Explorer are likely of inclusion.
Because Elex.com hosts no threatening content, your browser security products are not likely to display warnings after your browser redirects itself to this site.
Redirecting Your Browser out of a Hijacking
Products that have no purpose beyond exerting control over your browser are unlikely sources for providing any features worth putting up with that security risk. Although the Elex Hijacker isn't classified as being a threat currently, like most PUPs, its presence may put your Web-browsing safety in danger by redirecting you to harmful websites unintentionally, or exposing you to advertisements with deceptive content. Whether or not you use a Web browser being modified by an Elex Hijacker regularly, removing this PUP and software related to the Elex Hijacker always should be strongly considered.
When uninstalling an Elex Hijacker, reboot your computer and load the Advanced Boot Options menu by pressing F8 before your operating system loads. Selecting any Safe Mode option will let your OS launch only with essential programs, ideally blocking the automated launching of any unwanted or harmful software. From that sterile environment, scan your computer with your preferred security solution, reset the affected browser's cache, and reboot. Any scans also may find additional, Potentially Unwanted Programs on your PC at the same time as the Elex Hijacker, such as variants of YAC or Adware.Graftor, that are noted for being affiliated with the Elex.com's company.
Since the Elex Hijacker distribution model still is being investigated, malware researchers only can recommend generalized security protocols, such as scanning downloads and blocking in-browser scripts, for avoiding this threat.
Aliases
Riskware/Elex [Fortinet]PUP/XTab [Panda]Artemis!5C76D5C030CB [McAfee]PUP/Win32.Generic [AhnLab-V3]Artemis!Trojan [McAfee-GW-Edition]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\10\WinSAP.dll
File name: WinSAP.dllSize: 1.88 MB (1887232 bytes)
MD5: 2f7bae01856c042b065cb8d691665cc8
Detection count: 8,893
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\10\WinSAP.dll
Group: Malware file
Last Updated: October 6, 2023
%PROGRAMFILES%\SNARE\terana64.dll
File name: terana64.dllSize: 909.31 KB (909312 bytes)
MD5: 67a8678a6a84d323814b3dea0eb271b0
Detection count: 7,246
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\SNARE\terana64.dll
Group: Malware file
Last Updated: October 14, 2023
%WINDIR%\Temp\hp7530.tmp\kitty1.dll
File name: kitty1.dllSize: 1.81 MB (1812992 bytes)
MD5: 9dc27be85c36e1f1b026d94897400210
Detection count: 6,237
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\Temp\hp7530.tmp\kitty1.dll
Group: Malware file
Last Updated: October 14, 2023
C:\Users\<username>\AppData\Local\terana\terana.dll
File name: terana.dllSize: 908.28 KB (908288 bytes)
MD5: a999ec5c40f36f31f75a57cd6750ae9b
Detection count: 5,874
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\Users\<username>\AppData\Local\terana\terana.dll
Group: Malware file
Last Updated: October 3, 2023
C:\Users\<username>\AppData\Local\SNARE\Snare.dll
File name: Snare.dllSize: 898.04 KB (898048 bytes)
MD5: 7ae6153d68feb8f2c768e4af27bdcce3
Detection count: 5,012
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\Users\<username>\AppData\Local\SNARE\Snare.dll
Group: Malware file
Last Updated: October 6, 2023
C:\Users\<username>\AppData\Local\Temp\~seD124.tmp
File name: ~seD124.tmpSize: 908.28 KB (908288 bytes)
MD5: 0a2b05b9c1f413510f6c036c260264fc
Detection count: 4,080
File type: Temporary File
Mime Type: unknown/tmp
Path: C:\Users\<username>\AppData\Local\Temp\~seD124.tmp
Group: Malware file
Last Updated: February 16, 2023
%SYSTEMDRIVE%\documents and settings\administrador\configurações locais\dados de aplicativos\glory\glory.dll
File name: glory.dllSize: 689.15 KB (689152 bytes)
MD5: 24d733bdb924df52f0c0966c6233bacc
Detection count: 3,544
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\documents and settings\administrador\configurações locais\dados de aplicativos\glory\glory.dll
Group: Malware file
Last Updated: September 7, 2023
%WINDIR%\Temp\tmp67A6.tmp\kitty1.dll
File name: kitty1.dllSize: 1.81 MB (1812992 bytes)
MD5: fbac42b2e87374cbbe6ea6c233167124
Detection count: 3,337
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\Temp\tmp67A6.tmp\kitty1.dll
Group: Malware file
Last Updated: September 25, 2023
%PROGRAMFILES%\SNARE\terana.dll
File name: terana.dllSize: 665.6 KB (665600 bytes)
MD5: fe035b504be7efa437cad67c871eb4d4
Detection count: 3,281
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\SNARE\terana.dll
Group: Malware file
Last Updated: October 11, 2023
%SYSTEMDRIVE%\Users\<username>\appdata\roaming\winsapsvc\winsap.dll
File name: winsap.dllSize: 1.88 MB (1887232 bytes)
MD5: 17fdeaff277c6cc1b21a08764ce1c4d6
Detection count: 2,909
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\winsapsvc\winsap.dll
Group: Malware file
Last Updated: October 3, 2023
%WINDIR%\Temp\nsi6492.tmp\WinSAP.dll
File name: WinSAP.dllSize: 1.88 MB (1886720 bytes)
MD5: 7f519cf28804e3a634a889c80046565b
Detection count: 2,862
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\Temp\nsi6492.tmp\WinSAP.dll
Group: Malware file
Last Updated: June 8, 2023
%SYSTEMDRIVE%\Users\<username>\appdata\local\terana\terana.dll
File name: terana.dllSize: 664.57 KB (664576 bytes)
MD5: 96fa28794f8896ee745172b4e20c8f6e
Detection count: 2,499
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\terana\terana.dll
Group: Malware file
Last Updated: August 14, 2023
%SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\9\WinSAP.dll
File name: WinSAP.dllSize: 1.93 MB (1932800 bytes)
MD5: 00771ca033576ee7e2f1742600c48ffa
Detection count: 1,726
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\9\WinSAP.dll
Group: Malware file
Last Updated: April 4, 2023
%WINDIR%\Temp\tmpDDE3.tmp\kitty1.dll
File name: kitty1.dllSize: 1.81 MB (1811968 bytes)
MD5: 7e02638e86eafaae1cf9149046e83792
Detection count: 1,686
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\Temp\tmpDDE3.tmp\kitty1.dll
Group: Malware file
Last Updated: September 7, 2023
%SYSTEMDRIVE%\Users\<username>\appdata\local\snare\snare.dll
File name: snare.dllSize: 652.28 KB (652288 bytes)
MD5: 14131061fa014494b316107b0485cf88
Detection count: 1,614
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\snare\snare.dll
Group: Malware file
Last Updated: September 7, 2023
%SYSTEMDRIVE%\Users\<username>\appdata\local\glory\glory.dll
File name: glory.dllSize: 665.6 KB (665600 bytes)
MD5: e2fb8dac218b694bfbce94c214ea6e33
Detection count: 1,387
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\glory\glory.dll
Group: Malware file
Last Updated: November 1, 2022
%ALLUSERSPROFILE%\bit\bit.dll
File name: bit.dllSize: 1.81 MB (1812992 bytes)
MD5: 1e928a81eb61b70bce456bc67bccfd39
Detection count: 1,363
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\bit\bit.dll
Group: Malware file
Last Updated: October 3, 2023
C:\Documents and Settings\<username>\dados de aplicativos\winsapsvc\winsap.dll
File name: winsap.dllSize: 1.88 MB (1887232 bytes)
MD5: 0fb96dbb52043a7eb8ef78373bfe4002
Detection count: 279
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\Documents and Settings\<username>\dados de aplicativos\winsapsvc\winsap.dll
Group: Malware file
Last Updated: September 27, 2023
%ALLUSERSPROFILE%\BIT\BIT.dll
File name: BIT.dllSize: 1.81 MB (1812992 bytes)
MD5: b33cde19cf70638ae9a42bc5eb9408fe
Detection count: 52
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BIT
Group: Malware file
Last Updated: March 30, 2020
%ALLUSERSPROFILE%\BIT\BIT.dll
File name: BIT.dllSize: 1.81 MB (1812992 bytes)
MD5: 02dc3a4ac9e298878fca4dc5ee5d0e9a
Detection count: 47
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BIT
Group: Malware file
Last Updated: August 5, 2020
%LOCALAPPDATA%\CSHMDR\Snare.dll
File name: Snare.dllSize: 658.43 KB (658432 bytes)
MD5: 79240797ee7efdbf469e86e652753b91
Detection count: 33
File type: Dynamic link library
Mime Type: unknown/dll
Path: %LOCALAPPDATA%\CSHMDR
Group: Malware file
Last Updated: May 30, 2017
%LOCALAPPDATA%\CSHMDR\Snare.dll
File name: Snare.dllSize: 658.43 KB (658432 bytes)
MD5: b172199bb63ed958992aa2e481492cd4
Detection count: 26
File type: Dynamic link library
Mime Type: unknown/dll
Path: %LOCALAPPDATA%\CSHMDR
Group: Malware file
Last Updated: May 30, 2017
%LOCALAPPDATA%\CSHMDR\Snare.dll
File name: Snare.dllSize: 900.09 KB (900096 bytes)
MD5: ba532658e4b7a600d1454e82da74af52
Detection count: 23
File type: Dynamic link library
Mime Type: unknown/dll
Path: %LOCALAPPDATA%\CSHMDR
Group: Malware file
Last Updated: May 26, 2017
%LOCALAPPDATA%\CSHMDR\Snare.dll
File name: Snare.dllSize: 900.09 KB (900096 bytes)
MD5: 39cc352e988e2939bc587c0bb9c76a0a
Detection count: 19
File type: Dynamic link library
Mime Type: unknown/dll
Path: %LOCALAPPDATA%\CSHMDR
Group: Malware file
Last Updated: June 1, 2017
More files
Registry Modifications
The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}SOFTWARE\ompndbSOFTWARE\WOW6432Node\ompndb
HKEY..\..\..\..{RegistryKeys}SOFTWARE\ompndbSOFTWARE\WOW6432Node\ompndb
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\rEuWuFTools%APPDATA%\appyphinek%APPDATA%\dapicult%APPDATA%\herley%PROGRAMFILES%\Nidaty%PROGRAMFILES%\apptools%PROGRAMFILES%\clugoghphwodom%PROGRAMFILES%\clugokftgh%PROGRAMFILES%\clunaent%PROGRAMFILES%\coercock%PROGRAMFILES%\coerkocult%PROGRAMFILES%\cogapymoderther%PROGRAMFILES%\coicerph%PROGRAMFILES%\coidswermepy%PROGRAMFILES%\coohatain%PROGRAMFILES%\cootion%PROGRAMFILES%\copkmahoch%PROGRAMFILES%\daletictain%PROGRAMFILES%\dapasy%PROGRAMFILES%\datosh%PROGRAMFILES%\deceward%PROGRAMFILES%\dedoly%PROGRAMFILES%\deqosehasity%PROGRAMFILES%\dermupy%PROGRAMFILES%\derrepyvivering%PROGRAMFILES%\diaent%PROGRAMFILES%\dliterpory%PROGRAMFILES%\dnesharuzus%PROGRAMFILES%\dralach%PROGRAMFILES%\dranoge%PROGRAMFILES%\drarainganipition%PROGRAMFILES%\drecetain%PROGRAMFILES%\drenackghowedom%PROGRAMFILES%\dresle%PROGRAMFILES%\dretule%PROGRAMFILES%\drewespgrerwey%PROGRAMFILES%\drizphqolother%PROGRAMFILES%\drjother%PROGRAMFILES%\drpasydest%PROGRAMFILES%\druciy%PROGRAMFILES%\druditain%PROGRAMFILES%\eepyruha%PROGRAMFILES%\emather%PROGRAMFILES%\fepuly%PROGRAMFILES%\figasy%PROGRAMFILES%\fijushreibuent%PROGRAMFILES%\fovigemei%PROGRAMFILES%\garunufupy%PROGRAMFILES%\gazshrasity%PROGRAMFILES%\gefudom%PROGRAMFILES%\gersieddrerterpy%PROGRAMFILES%\gertery%PROGRAMFILES%\ghabuty%PROGRAMFILES%\gherertionghatersh%PROGRAMFILES%\ghergersyqerkeing%PROGRAMFILES%\gherjech%PROGRAMFILES%\gherkadomijly%PROGRAMFILES%\ghezeentghicay%PROGRAMFILES%\ghgersybqury%PROGRAMFILES%\ghibay%PROGRAMFILES%\ghijerght%PROGRAMFILES%\ghmalyanacoing%PROGRAMFILES%\ghojetain%PROGRAMFILES%\ghojiryjile%PROGRAMFILES%\ghorugh%PROGRAMFILES%\ghubuge%PROGRAMFILES%\ghuverckplokaent%PROGRAMFILES%\gjadom%PROGRAMFILES%\gokolestepation%PROGRAMFILES%\graghmerrek%PROGRAMFILES%\granidomrsaph%PROGRAMFILES%\grerght%PROGRAMFILES%\grersiward%PROGRAMFILES%\griduy%PROGRAMFILES%\grigikcunack%PROGRAMFILES%\grihersmiritain%PROGRAMFILES%\griqitherphegoty%PROGRAMFILES%\grokise%PROGRAMFILES%\groseghtjibied%PROGRAMFILES%\grtase%PROGRAMFILES%\grupward%PROGRAMFILES%\grurecult%PROGRAMFILES%\grutesy%PROGRAMFILES%\gubicult%PROGRAMFILES%\hecyhewury%PROGRAMFILES%\herary%PROGRAMFILES%\hidupyplumole%PROGRAMFILES%\hiulysaey%PROGRAMFILES%\holush%PROGRAMFILES%\hubishrwoy%PROGRAMFILES%\humedomlutik%PROGRAMFILES%\huweried%PROGRAMFILES%\icackaraergh%PROGRAMFILES%\idoing%PROGRAMFILES%\idotion%PROGRAMFILES%\ifeghtarinuph%PROGRAMFILES%\jercaenttrch%PROGRAMFILES%\jerjers%PROGRAMFILES%\jetrympward%PROGRAMFILES%\jeweseprsot%PROGRAMFILES%\kedasepuving%PROGRAMFILES%\kikusphudoght%PROGRAMFILES%\lafetqilse%PROGRAMFILES%\lerlaied%PROGRAMFILES%\lermacultoqus%PROGRAMFILES%\lfasyjiqege%PROGRAMFILES%\mehition%PROGRAMFILES%\meqoshvurery%PROGRAMFILES%\mevaentcoijely%PROGRAMFILES%\mijerwardplemese%PROGRAMFILES%\miqoshzesetion%PROGRAMFILES%\miwertainckerpsp%PROGRAMFILES%\mizotycernery%PROGRAMFILES%\mokagecerpuly%PROGRAMFILES%\naerentprefos%PROGRAMFILES%\nasitain%PROGRAMFILES%\nelithetay%PROGRAMFILES%\nerrachghefeing%PROGRAMFILES%\nerwughlleried%PROGRAMFILES%\newughikeing%PROGRAMFILES%\nilchtherjerent%PROGRAMFILES%\nimkdejersp%PROGRAMFILES%\nitish%PROGRAMFILES%\niwerdavitain%PROGRAMFILES%\nofoiedanasition%PROGRAMFILES%\nvather%PROGRAMFILES%\pciphtheviry%PROGRAMFILES%\peloch%PROGRAMFILES%\perkaght%PROGRAMFILES%\peroty%PROGRAMFILES%\phaderplemaing%PROGRAMFILES%\phagiselipege%PROGRAMFILES%\phapergeatjaied%PROGRAMFILES%\phbiiedtorle%PROGRAMFILES%\phediktebaght%PROGRAMFILES%\pheption%PROGRAMFILES%\pherluied%PROGRAMFILES%\pherlutherprudit%PROGRAMFILES%\phohatyreamuy%PROGRAMFILES%\phudikthwisy%PROGRAMFILES%\phuhos%PROGRAMFILES%\phuige%PROGRAMFILES%\phuquk%PROGRAMFILES%\phviingstaledom%PROGRAMFILES%\pirering%PROGRAMFILES%\placutherghulers%PROGRAMFILES%\plberied%PROGRAMFILES%\plebuckwuwury%PROGRAMFILES%\plelage%PROGRAMFILES%\plerqer%PROGRAMFILES%\plokoy%PROGRAMFILES%\pluteward%PROGRAMFILES%\preguckuech%PROGRAMFILES%\prergasp%PROGRAMFILES%\prerqiwarddacertain%PROGRAMFILES%\prerus%PROGRAMFILES%\pripiieddocch%PROGRAMFILES%\prissy%PROGRAMFILES%\prjoentmerdery%PROGRAMFILES%\prlusterkogh%PROGRAMFILES%\projlyanubay%PROGRAMFILES%\prunaplatuph%PROGRAMFILES%\prusash%PROGRAMFILES%\pubight%PROGRAMFILES%\qeqotion%PROGRAMFILES%\qitech%PROGRAMFILES%\qivethercoqerly%PROGRAMFILES%\qnuhegach%PROGRAMFILES%\rEuWuFTools%PROGRAMFILES%\razoward%PROGRAMFILES%\reasetyulesp%PROGRAMFILES%\reawerghtraserph%PROGRAMFILES%\rebergeclarodom%PROGRAMFILES%\reilechjpu%PROGRAMFILES%\reiwaghgherfile%PROGRAMFILES%\remerspwaqing%PROGRAMFILES%\reoientrusoge%PROGRAMFILES%\reratqatudom%PROGRAMFILES%\rerkuy%PROGRAMFILES%\rersse%PROGRAMFILES%\retawardkukty%PROGRAMFILES%\reuses%PROGRAMFILES%\riferpy%PROGRAMFILES%\rosatain%PROGRAMFILES%\sagerspkawege%PROGRAMFILES%\sahotplerpoied%PROGRAMFILES%\saquterpward%PROGRAMFILES%\serhesy%PROGRAMFILES%\sewasemhient%PROGRAMFILES%\shapoly%PROGRAMFILES%\shepashkuderward%PROGRAMFILES%\shijerghnuguch%PROGRAMFILES%\shntherquhither%PROGRAMFILES%\shoccult%PROGRAMFILES%\shodisyqrugh%PROGRAMFILES%\shomephclezeried%PROGRAMFILES%\shorush%PROGRAMFILES%\shumaing%PROGRAMFILES%\shuqitainstazegh%PROGRAMFILES%\shurerphraterward%PROGRAMFILES%\sokeing%PROGRAMFILES%\stiduy%PROGRAMFILES%\stumogeqebut%PROGRAMFILES%\tukoentvegsh%PROGRAMFILES%\valoryatusation%PROGRAMFILES%\vastyatedeing%PROGRAMFILES%\vehotherdreguty%PROGRAMFILES%\vieshhubule%PROGRAMFILES%\voboght%PROGRAMFILES(x86)%\Aterlutthikile%PROGRAMFILES(x86)%\Nidaty%PROGRAMFILES(x86)%\apptools%PROGRAMFILES(x86)%\cluberspmercerk%PROGRAMFILES(x86)%\clugoghphwodom%PROGRAMFILES(x86)%\clugokftgh%PROGRAMFILES(x86)%\clunaent%PROGRAMFILES(x86)%\cluvigegowory%PROGRAMFILES(x86)%\coepageatovry%PROGRAMFILES(x86)%\coercock%PROGRAMFILES(x86)%\coerkocult%PROGRAMFILES(x86)%\cogapymoderther%PROGRAMFILES(x86)%\coicerph%PROGRAMFILES(x86)%\coidswermepy%PROGRAMFILES(x86)%\conochdupution%PROGRAMFILES(x86)%\coohatain%PROGRAMFILES(x86)%\copkmahoch%PROGRAMFILES(x86)%\couwadomcerperdom%PROGRAMFILES(x86)%\daletictain%PROGRAMFILES(x86)%\dapasy%PROGRAMFILES(x86)%\datosh%PROGRAMFILES(x86)%\deceward%PROGRAMFILES(x86)%\dedoly%PROGRAMFILES(x86)%\deqosehasity%PROGRAMFILES(x86)%\dermupy%PROGRAMFILES(x86)%\derrepyvivering%PROGRAMFILES(x86)%\diaent%PROGRAMFILES(x86)%\dliterpory%PROGRAMFILES(x86)%\dnesharuzus%PROGRAMFILES(x86)%\donagesetese%PROGRAMFILES(x86)%\drakerlecgadom%PROGRAMFILES(x86)%\dralach%PROGRAMFILES(x86)%\dranoge%PROGRAMFILES(x86)%\drarainganipition%PROGRAMFILES(x86)%\drecetain%PROGRAMFILES(x86)%\drejiy%PROGRAMFILES(x86)%\drenackghowedom%PROGRAMFILES(x86)%\dresle%PROGRAMFILES(x86)%\dretule%PROGRAMFILES(x86)%\drewespgrerwey%PROGRAMFILES(x86)%\drizphqolother%PROGRAMFILES(x86)%\drjother%PROGRAMFILES(x86)%\droqekziday%PROGRAMFILES(x86)%\drpasydest%PROGRAMFILES(x86)%\druciy%PROGRAMFILES(x86)%\druditain%PROGRAMFILES(x86)%\dudusyplesoch%PROGRAMFILES(x86)%\duqitainpcile%PROGRAMFILES(x86)%\eepyruha%PROGRAMFILES(x86)%\emather%PROGRAMFILES(x86)%\fepuly%PROGRAMFILES(x86)%\fermuge%PROGRAMFILES(x86)%\ferory%PROGRAMFILES(x86)%\feusenofs%PROGRAMFILES(x86)%\figasy%PROGRAMFILES(x86)%\fijushreibuent%PROGRAMFILES(x86)%\filetnemerck%PROGRAMFILES(x86)%\fovigemei%PROGRAMFILES(x86)%\garunufupy%PROGRAMFILES(x86)%\gazshrasity%PROGRAMFILES(x86)%\gefing%PROGRAMFILES(x86)%\gefudom%PROGRAMFILES(x86)%\gerrershsterother%PROGRAMFILES(x86)%\gersoghgrlopy%PROGRAMFILES(x86)%\gertery%PROGRAMFILES(x86)%\ghabuty%PROGRAMFILES(x86)%\gherertionghatersh%PROGRAMFILES(x86)%\ghergersyqerkeing%PROGRAMFILES(x86)%\gherhis%PROGRAMFILES(x86)%\gherjech%PROGRAMFILES(x86)%\gherkadomijly%PROGRAMFILES(x86)%\ghgersybqury%PROGRAMFILES(x86)%\ghibay%PROGRAMFILES(x86)%\ghijerght%PROGRAMFILES(x86)%\ghmalyanacoing%PROGRAMFILES(x86)%\ghojetain%PROGRAMFILES(x86)%\ghojiryjile%PROGRAMFILES(x86)%\ghorugh%PROGRAMFILES(x86)%\ghubuge%PROGRAMFILES(x86)%\ghuverckplokaent%PROGRAMFILES(x86)%\gjadom%PROGRAMFILES(x86)%\gokolestepation%PROGRAMFILES(x86)%\granidomrsaph%PROGRAMFILES(x86)%\grawition%PROGRAMFILES(x86)%\grcakmiberdom%PROGRAMFILES(x86)%\grerght%PROGRAMFILES(x86)%\grersiward%PROGRAMFILES(x86)%\grerzersp%PROGRAMFILES(x86)%\griduy%PROGRAMFILES(x86)%\grihersmiritain%PROGRAMFILES(x86)%\griqitherphegoty%PROGRAMFILES(x86)%\grocentreevugh%PROGRAMFILES(x86)%\grokise%PROGRAMFILES(x86)%\gromeent%PROGRAMFILES(x86)%\groseghtjibied%PROGRAMFILES(x86)%\grtase%PROGRAMFILES(x86)%\grupward%PROGRAMFILES(x86)%\grurecult%PROGRAMFILES(x86)%\grutesy%PROGRAMFILES(x86)%\gubicult%PROGRAMFILES(x86)%\hecyhewury%PROGRAMFILES(x86)%\herary%PROGRAMFILES(x86)%\herhery%PROGRAMFILES(x86)%\herjery%PROGRAMFILES(x86)%\hertion%PROGRAMFILES(x86)%\hidupyplumole%PROGRAMFILES(x86)%\hiulysaey%PROGRAMFILES(x86)%\holush%PROGRAMFILES(x86)%\howight%PROGRAMFILES(x86)%\hubishrwoy%PROGRAMFILES(x86)%\humedomlutik%PROGRAMFILES(x86)%\huvachreerjepy%PROGRAMFILES(x86)%\icackaraergh%PROGRAMFILES(x86)%\icockreoguing%PROGRAMFILES(x86)%\idoing%PROGRAMFILES(x86)%\idotion%PROGRAMFILES(x86)%\ifeghtarinuph%PROGRAMFILES(x86)%\jacestreward%PROGRAMFILES(x86)%\jegoing%PROGRAMFILES(x86)%\jercaenttrch%PROGRAMFILES(x86)%\jerjers%PROGRAMFILES(x86)%\jetrympward%PROGRAMFILES(x86)%\jevilewomuty%PROGRAMFILES(x86)%\jeweseprsot%PROGRAMFILES(x86)%\jntmodo%PROGRAMFILES(x86)%\jorosparertary%PROGRAMFILES(x86)%\judolyderfck%PROGRAMFILES(x86)%\juserly%PROGRAMFILES(x86)%\kajuynobersh%PROGRAMFILES(x86)%\kedasepuving%PROGRAMFILES(x86)%\keoght%PROGRAMFILES(x86)%\kikusphudoght%PROGRAMFILES(x86)%\kukther%PROGRAMFILES(x86)%\kuroplgaly%PROGRAMFILES(x86)%\lafetqilse%PROGRAMFILES(x86)%\lerlaied%PROGRAMFILES(x86)%\lermacultoqus%PROGRAMFILES(x86)%\lerqashchigother%PROGRAMFILES(x86)%\letegeshopother%PROGRAMFILES(x86)%\lfasyjiqege%PROGRAMFILES(x86)%\lgechsteris%PROGRAMFILES(x86)%\lhoyplerwuse%PROGRAMFILES(x86)%\lomutherbagaied%PROGRAMFILES(x86)%\luhuch%PROGRAMFILES(x86)%\lurshgerns%PROGRAMFILES(x86)%\lwuward%PROGRAMFILES(x86)%\magdom%PROGRAMFILES(x86)%\mehition%PROGRAMFILES(x86)%\meqoshvurery%PROGRAMFILES(x86)%\mertoghtzehige%PROGRAMFILES(x86)%\mevaentcoijely%PROGRAMFILES(x86)%\mijerwardplemese%PROGRAMFILES(x86)%\miqoshzesetion%PROGRAMFILES(x86)%\miwertainckerpsp%PROGRAMFILES(x86)%\mizotycernery%PROGRAMFILES(x86)%\mokagecerpuly%PROGRAMFILES(x86)%\muziiedsvosh%PROGRAMFILES(x86)%\naerentprefos%PROGRAMFILES(x86)%\nasitain%PROGRAMFILES(x86)%\negerle%PROGRAMFILES(x86)%\negoent%PROGRAMFILES(x86)%\nelithetay%PROGRAMFILES(x86)%\nerrachghefeing%PROGRAMFILES(x86)%\nerwughlleried%PROGRAMFILES(x86)%\newughikeing%PROGRAMFILES(x86)%\nilchtherjerent%PROGRAMFILES(x86)%\nimkdejersp%PROGRAMFILES(x86)%\nitish%PROGRAMFILES(x86)%\niwerdavitain%PROGRAMFILES(x86)%\noferkgrorerk%PROGRAMFILES(x86)%\nofoiedanasition%PROGRAMFILES(x86)%\nulchsezas%PROGRAMFILES(x86)%\nvather%PROGRAMFILES(x86)%\pciphtheviry%PROGRAMFILES(x86)%\pedittawese%PROGRAMFILES(x86)%\pekusy%PROGRAMFILES(x86)%\peloch%PROGRAMFILES(x86)%\peroty%PROGRAMFILES(x86)%\phaderplemaing%PROGRAMFILES(x86)%\phagiselipege%PROGRAMFILES(x86)%\phagoge%PROGRAMFILES(x86)%\phapergeatjaied%PROGRAMFILES(x86)%\pharudom%PROGRAMFILES(x86)%\phediktebaght%PROGRAMFILES(x86)%\pheption%PROGRAMFILES(x86)%\pherluied%PROGRAMFILES(x86)%\pherlutherprudit%PROGRAMFILES(x86)%\phertuph%PROGRAMFILES(x86)%\pherzok%PROGRAMFILES(x86)%\philughgrukis%PROGRAMFILES(x86)%\phudikthwisy%PROGRAMFILES(x86)%\phuige%PROGRAMFILES(x86)%\phuquk%PROGRAMFILES(x86)%\phviingstaledom%PROGRAMFILES(x86)%\pirering%PROGRAMFILES(x86)%\pizery%PROGRAMFILES(x86)%\placutherghulers%PROGRAMFILES(x86)%\platergh%PROGRAMFILES(x86)%\platety%PROGRAMFILES(x86)%\plberied%PROGRAMFILES(x86)%\plebuckwuwury%PROGRAMFILES(x86)%\plelage%PROGRAMFILES(x86)%\plercitzumet%PROGRAMFILES(x86)%\plibedom%PROGRAMFILES(x86)%\plizoy%PROGRAMFILES(x86)%\plokoy%PROGRAMFILES(x86)%\pluteward%PROGRAMFILES(x86)%\poaentdermuch%PROGRAMFILES(x86)%\preguckuech%PROGRAMFILES(x86)%\prergasp%PROGRAMFILES(x86)%\prerqiwarddacertain%PROGRAMFILES(x86)%\prerus%PROGRAMFILES(x86)%\prifuly%PROGRAMFILES(x86)%\pripiieddocch%PROGRAMFILES(x86)%\prissy%PROGRAMFILES(x86)%\prjoentmerdery%PROGRAMFILES(x86)%\prlusterkogh%PROGRAMFILES(x86)%\projlyanubay%PROGRAMFILES(x86)%\prunaplatuph%PROGRAMFILES(x86)%\prusash%PROGRAMFILES(x86)%\prutuy%PROGRAMFILES(x86)%\pubight%PROGRAMFILES(x86)%\qalolefaqent%PROGRAMFILES(x86)%\qeqotion%PROGRAMFILES(x86)%\qerhawardkiztion%PROGRAMFILES(x86)%\qerzise%PROGRAMFILES(x86)%\qitech%PROGRAMFILES(x86)%\qivethercoqerly%PROGRAMFILES(x86)%\qnuhegach%PROGRAMFILES(x86)%\razoward%PROGRAMFILES(x86)%\reasetyulesp%PROGRAMFILES(x86)%\reawerghtraserph%PROGRAMFILES(x86)%\rebergeclarodom%PROGRAMFILES(x86)%\reerwerghtsergale%PROGRAMFILES(x86)%\referkzabak%PROGRAMFILES(x86)%\reilechjpu%PROGRAMFILES(x86)%\reiwaghgherfile%PROGRAMFILES(x86)%\remerspwaqing%PROGRAMFILES(x86)%\reocight%PROGRAMFILES(x86)%\reoientrusoge%PROGRAMFILES(x86)%\reonosptewoy%PROGRAMFILES(x86)%\reosetherprutaent%PROGRAMFILES(x86)%\reowtainvesck%PROGRAMFILES(x86)%\reratqatudom%PROGRAMFILES(x86)%\rerkuy%PROGRAMFILES(x86)%\rersse%PROGRAMFILES(x86)%\reurusptujos%PROGRAMFILES(x86)%\reuses%PROGRAMFILES(x86)%\riferpy%PROGRAMFILES(x86)%\rilethercheduied%PROGRAMFILES(x86)%\ripitsjile%PROGRAMFILES(x86)%\rjatain%PROGRAMFILES(x86)%\rokaphdruzitain%PROGRAMFILES(x86)%\rolugh%PROGRAMFILES(x86)%\rosatain%PROGRAMFILES(x86)%\sagerspkawege%PROGRAMFILES(x86)%\saquterpward%PROGRAMFILES(x86)%\serhesy%PROGRAMFILES(x86)%\sewasemhient%PROGRAMFILES(x86)%\shapoly%PROGRAMFILES(x86)%\shbseverqersp%PROGRAMFILES(x86)%\shekicult%PROGRAMFILES(x86)%\shepashkuderward%PROGRAMFILES(x86)%\shetighaterbent%PROGRAMFILES(x86)%\shijerghnuguch%PROGRAMFILES(x86)%\shntherquhither%PROGRAMFILES(x86)%\shoccult%PROGRAMFILES(x86)%\shodisyqrugh%PROGRAMFILES(x86)%\shomephclezeried%PROGRAMFILES(x86)%\shorush%PROGRAMFILES(x86)%\shumaing%PROGRAMFILES(x86)%\shuqitainstazegh%PROGRAMFILES(x86)%\shurerphraterward%PROGRAMFILES(x86)%\sokeing%PROGRAMFILES(x86)%\stiduy%PROGRAMFILES(x86)%\stumogeqebut%PROGRAMFILES(x86)%\thaberchnaey%PROGRAMFILES(x86)%\therhisy%PROGRAMFILES(x86)%\toliingcluverph%PROGRAMFILES(x86)%\tukerty%PROGRAMFILES(x86)%\tukoentvegsh%PROGRAMFILES(x86)%\valoryatusation%PROGRAMFILES(x86)%\vastyatedeing%PROGRAMFILES(x86)%\vehotherdreguty%PROGRAMFILES(x86)%\vervghtprerqercult%PROGRAMFILES(x86)%\vieshhubule%PROGRAMFILES(x86)%\vndomkivory%PROGRAMFILES(x86)%\voboght
The following URL's were detected:
fgldnknlljnfcfgchdijbjmmkdkmnabn
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.