Filename: syntphelpersview.exe
Threat name: SONAR.Heuristic.158
Full Path: Not Available
____________________________
On computers as of
2017/1/9 at 21:06:46
Last Used
2017/1/9 at 21:06:46
Startup Item
No
Launched
Yes
SONAR Protection monitors for suspicious program activity on your computer.
____________________________
syntphelpersview.exe Threat name: SONAR.Heuristic.158
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
____________________________
Source: External Media
Source File:
google.com
File Created:
syntphelpersview.exe
____________________________
File Actions
File: c:\sandbox\m\defaultbox\user\all\microsoft dementias\ syntphelpersview.exe Threat Removed
File: c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\ google.com Threat Removed
File: c:\sandbox\m\defaultbox\user\all\ qdeskpath.ini Threat Removed
File: c:\sandbox\m\defaultbox\user\current\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\ qdeskpath.ini Threat Removed
File: c:\sandbox\m\defaultbox\user\all\ config.dat Threat Removed
File: c:\sandbox\m\defaultbox\user\current\appdata\roaming\ qq截圖20170109e61da404e6d.jpg Threat Removed
File: c:\sandbox\m\defaultbox\user\all\nvidia corporation\drs\ nvdrssel.bin Threat Removed
File: c:\sandbox\m\defaultbox\user\all\nvidia corporation\drs\ nvapptimestamps Threat Removed
Directory: c:\sandbox\m\defaultbox\user\all\ microsoft dementias Threat Removed
Directory: c:\Sandbox\M\defaultbox\user\all\ QQGame Delete Failed
____________________________
Registry Actions
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\MACHINE\SOFTWARE\ WOW6432Node, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\SyncRootManager\ OneDrive!S-1-5-21-3354391888-1156723752-2331256929-1001!Personal, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\Machine\SOFTWARE\Policies\Microsoft\Windows\ Appx, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ AppModelUnlock, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap->ProxyBypass:1, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap->IntranetName:1, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap->UNCAsIntranet:1, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap->AutoDetect:0, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\machine\system\CurrentControlSet\Control\ NetworkProvider, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\machine\SOFTWARE\ NVIDIA Corporation, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ ICM, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\MACHINE\Software\Microsoft\ WindowsRuntime, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ MMDevices, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ Desktop, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ {018D5C66-4533-4307-9B53-224DE2ED1FE6}, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ DelegateFolders, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Tencent\ QQPinyin->SkinGUIDMini:10000000-0000-0000-0000-000000000001, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\software\Tencent\ QQPinyin->SkinFileNameMini, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\Sandbox_M_DefaultBox\user\current\SOFTWARE\Microsoft\ Windows Photo Viewer, Registry Hive: 64 bit Threat Removed
____________________________
Network Actions
Event: Network activity (Performed by c:\sandbox\m\defaultbox\user\all\microsoft dementias\syntphelpersview.exe, PID:2696) No action taken
____________________________
System Settings Actions
Event: Process start (Performed by c:\sandbox\m\defaultbox\user\all\microsoft dementias\syntphelpersview.exe, PID:2696) No action taken
(Performed by c:\sandbox\m\defaultbox\user\all\microsoft dementias\syntphelpersview.exe, PID:2696) No action taken
Event: Process start: c:\sandbox\m\defaultbox\user\all\microsoft dementias\ syntphelpersview.exe, PID:2696 (Performed by c:\sandbox\m\defaultbox\user\all\microsoft dementias\syntphelpersview.exe, PID:2696) No action taken
Event: Process start (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:6948) No action taken
(Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:6948) No action taken
Event: Process start: c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\ google.com, PID:6948 (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:6948) No action taken
Event: Process start (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: PE file creation: c:\sandbox\m\defaultbox\user\all\microsoft dementias\ syntphelpersview.exe (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
(Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:7192 (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: PE file creation: c:\Sandbox\M\defaultbox\user\all\ Link.exe (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: PE file creation: c:\Sandbox\M\defaultbox\user\all\QQGame\ QQGame.exe (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: Process start: c:\Sandbox\M\defaultbox\user\all\QQGame\ QQGame.exe, PID:5056 (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: Process start: c:\sandbox\m\defaultbox\user\all\microsoft dementias\ syntphelpersview.exe, PID:2696 (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: Process start: c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\ google.com, PID:1512 (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
Event: Process start: c:\program files (x86)\Tencent\QQPinyin\5.4.3311.400\ qqpyservice.exe, PID:4804 (Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:1512) No action taken
____________________________
Suspicious Actions
(Performed by c:\users\m\desktop\剑灵官方最新价格表\剑灵官方最新价格表\dat\google.com, PID:6948) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available