General Info

File name

ammsetup.exe

Full analysis
https://app.any.run/tasks/ac5b6c71-291d-4358-858e-cf27ef67a25c
Verdict
Malicious activity
Analysis date
7/17/2019, 19:41:17
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

8cd6fc50f21e7d1a71c1ff23649e0750

SHA1

7af57b2f7edc99755b02edf21c894a3a50485687

SHA256

953264bfecbe6f150ff433a4c4188c0486f77a33d0202aabf9d427963fa0de3b

SSDEEP

196608:EP+rXl1QAdhU6+O5hFsh9wrkNQHO9XiKlabe0sjGAMV0txsQHl+l3:jtkIsh9gkQHiVCsaHVMsq43

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • ActualMultipleMonitorsConfig.exe (PID: 3904)
  • ActualMultipleMonitorsShellCenter.exe (PID: 348)
  • ActualMultipleMonitorsCenter.exe (PID: 3180)
  • LogonScreenService.exe (PID: 3744)
  • ActualMultipleMonitorsCenter.exe (PID: 3068)
  • LogonScreenService.exe (PID: 2412)
  • ActualMultipleMonitorsConfig.exe (PID: 3100)
Loads dropped or rewritten executable
  • ActualMultipleMonitorsConfig.exe (PID: 3904)
  • NOTEPAD.EXE (PID: 2352)
  • taskeng.exe (PID: 1984)
  • dwm.exe (PID: 2024)
  • ctfmon.exe (PID: 404)
  • explorer.exe (PID: 304)
  • ActualMultipleMonitorsShellCenter.exe (PID: 348)
  • ActualMultipleMonitorsCenter.exe (PID: 3180)
  • regsvr32.exe (PID: 3988)
Registers / Runs the DLL via REGSVR32.EXE
  • ammsetup.tmp (PID: 3424)
Changes the autorun value in the registry
  • ammsetup.tmp (PID: 3424)
Creates files in the user directory
  • ActualMultipleMonitorsConfig.exe (PID: 3904)
  • ActualMultipleMonitorsCenter.exe (PID: 3180)
  • ActualMultipleMonitorsCenter.exe (PID: 3068)
  • ammsetup.tmp (PID: 3424)
Executed as Windows Service
  • LogonScreenService.exe (PID: 2412)
Creates COM task schedule object
  • regsvr32.exe (PID: 3988)
Executable content was dropped or overwritten
  • ammsetup.tmp (PID: 3424)
  • ammsetup.exe (PID: 4044)
  • ammsetup.exe (PID: 2836)
Manual execution by user
  • ActualMultipleMonitorsShellCenter.exe (PID: 348)
  • ActualMultipleMonitorsCenter.exe (PID: 3180)
Application was dropped or rewritten from another process
  • LogonScreenService.exe (PID: 2856)
  • ammsetup.tmp (PID: 2972)
  • ammsetup.tmp (PID: 3424)
Creates a software uninstall entry
  • ammsetup.tmp (PID: 3424)
Loads dropped or rewritten executable
  • ammsetup.tmp (PID: 3424)
Creates files in the program directory
  • ammsetup.tmp (PID: 3424)


Static information

TRiD
.exe | Inno Setup installer (77.7%)
.exe | Win32 Executable Delphi generic (10%)
.dll | Win32 Dynamic Link Library (generic) (4.6%)
.exe | Win32 Executable (generic) (3.1%)
.exe | Win16/32 Executable Delphi generic (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
41984
InitializedDataSize:
36352
UninitializedDataSize:
null
EntryPoint:
0xaad0
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
8.14.1.0
ProductVersionNumber:
8.14.1.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Actual Tools
FileDescription:
Actual Multiple Monitors Setup
FileVersion:
8.14.1_en
LegalCopyright:
2002-2019, Actual Tools
ProductName:
Actual Multiple Monitors
ProductVersion:
8.14.1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
CODE 0x00001000 0x0000A208 0x0000A400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.60167
DATA 0x0000C000 0x00000250 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.77135
BSS 0x0000D000 0x00000E94 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0000E000 0x0000097C 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.48608
.tls 0x0000F000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x00010000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.190489
.reloc 0x00011000 0x00000920 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0
.rsrc 0x00012000 0x00007C98 0x00007E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 5.8318
Resources
1

2

3

4

5

6

7

8

9

4089

4090

4091

4093

4094

4095

11111

MAINICON

Imports
    kernel32.dll

    user32.dll

    oleaut32.dll

    advapi32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
48
Monitored processes
18
Malicious processes
5
Suspicious processes
8

Behavior graph

[Behavior graph image not preserved; the processes it showed are listed under Process information.]

Process information


PID
1984
CMD
taskeng.exe {0693DB03-B4D5-401F-A3D9-51CF40E902D4}
Path
C:\Windows\System32\taskeng.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Task Scheduler Engine
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskeng.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\tschannel.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\apphelp.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll

PID
2024
CMD
"C:\Windows\system32\Dwm.exe"
Path
C:\Windows\System32\dwm.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Desktop Window Manager
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dwm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwmredir.dll
c:\windows\system32\dwmcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d10_1.dll
c:\windows\system32\d3d10_1core.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\version.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
304
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\msutb.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\tquery.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\ehstorapi.dll
c:\users\admin\appdata\local\temp\ammsetup.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\users\admin\appdata\local\temp\is-p1md1.tmp\ammsetup.tmp
c:\users\admin\appdata\local\temp\is-4as82.tmp\ammsetup.tmp
c:\program files\actual multiple monitors\actualmultiplemonitorscenter.exe
c:\windows\system32\notepad.exe
c:\program files\actual multiple monitors\ammemb.dll
c:\program files\actual multiple monitors\actualmultiplemonitorsshellcenter.exe
c:\program files\actual multiple monitors\pcre32.dll
c:\program files\actual multiple monitors\actualmultiplemonitorsconfig.exe
c:\windows\system32\imageres.dll

PID
404
CMD
C:\Windows\System32\ctfmon.exe
Path
C:\Windows\System32\ctfmon.exe
Indicators
No indicators
Parent process
taskeng.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
CTF Loader
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msutb.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
4044
CMD
"C:\Users\admin\AppData\Local\Temp\ammsetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\ammsetup.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Actual Tools
Description
Actual Multiple Monitors Setup
Version
8.14.1_en
Modules
Image
c:\users\admin\appdata\local\temp\ammsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-p1md1.tmp\ammsetup.tmp

PID
2972
CMD
"C:\Users\admin\AppData\Local\Temp\is-P1MD1.tmp\ammsetup.tmp" /SL5="$60128,10589211,79360,C:\Users\admin\AppData\Local\Temp\ammsetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-P1MD1.tmp\ammsetup.tmp
Indicators
No indicators
Parent process
ammsetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-p1md1.tmp\ammsetup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\notepad.exe
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll

PID
2836
CMD
"C:\Users\admin\AppData\Local\Temp\ammsetup.exe" /SPAWNWND=$5018C /NOTIFYWND=$60128
Path
C:\Users\admin\AppData\Local\Temp\ammsetup.exe
Indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Actual Tools
Description
Actual Multiple Monitors Setup
Version
8.14.1_en
Modules
Image
c:\users\admin\appdata\local\temp\ammsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-4as82.tmp\ammsetup.tmp

PID
3424
CMD
"C:\Users\admin\AppData\Local\Temp\is-4AS82.tmp\ammsetup.tmp" /SL5="$100122,10589211,79360,C:\Users\admin\AppData\Local\Temp\ammsetup.exe" /SPAWNWND=$5018C /NOTIFYWND=$60128
Path
C:\Users\admin\AppData\Local\Temp\is-4AS82.tmp\ammsetup.tmp
Indicators
Parent process
ammsetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-4as82.tmp\ammsetup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shfolder.dll
c:\users\admin\appdata\local\temp\is-1rgff.tmp\utils.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\users\admin\appdata\local\temp\is-1rgff.tmp\affiliate.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\riched20.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\is-1rgff.tmp\logonscreenservice.exe
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\actual multiple monitors\actualmultiplemonitorscenter.exe
c:\program files\actual multiple monitors\actualmultiplemonitorsconfig.exe
c:\program files\actual multiple monitors\unins000.exe
c:\windows\hh.exe
c:\windows\system32\regsvr32.exe
c:\program files\actual multiple monitors\logonscreenservice.exe
c:\windows\system32\netutils.dll

PID
2856
CMD
"C:\Users\admin\AppData\Local\Temp\is-1RGFF.tmp\LogonScreenService.exe" -uninstall
Path
C:\Users\admin\AppData\Local\Temp\is-1RGFF.tmp\LogonScreenService.exe
Indicators
No indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Actual Tools
Description
Actual Multiple Monitors Service
Version
8.14.1_en
Modules
Image
c:\users\admin\appdata\local\temp\is-1rgff.tmp\logonscreenservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3988
CMD
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsShellExtension.dll"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\actual multiple monitors\actualmultiplemonitorsshellextension.dll

PID
3100
CMD
"C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsConfig.exe" -eval_time_install
Path
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsConfig.exe
Indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Actual Tools
Description
Actual Multiple Monitors
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\actualmultiplemonitorsconfig.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
3744
CMD
"C:\Program Files\Actual Multiple Monitors\LogonScreenService.exe" -install
Path
C:\Program Files\Actual Multiple Monitors\LogonScreenService.exe
Indicators
No indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Actual Tools
Description
Actual Multiple Monitors Service
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\logonscreenservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2412
CMD
"C:\Program Files\Actual Multiple Monitors\LogonScreenService.exe"
Path
C:\Program Files\Actual Multiple Monitors\LogonScreenService.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Actual Tools
Description
Actual Multiple Monitors Service
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\logonscreenservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winsta.dll

PID
2352
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Actual Multiple Monitors\Readme.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\dwmapi.dll
c:\program files\actual multiple monitors\pcre32.dll

PID
3068
CMD
"C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" start_cc_in_mil
Path
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
Indicators
No indicators
Parent process
ammsetup.tmp
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Actual Tools
Description
Actual Multiple Monitors
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\actualmultiplemonitorscenter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll

PID
3180
CMD
"C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
Path
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Actual Tools
Description
Actual Multiple Monitors
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\actualmultiplemonitorscenter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\winsta.dll
c:\program files\actual multiple monitors\pcre32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\audioses.dll

PID
348
CMD
"C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter.exe" 3180
Path
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Actual Tools
Description
Actual Multiple Monitors
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\actualmultiplemonitorsshellcenter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\imageres.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll

PID
3904
CMD
"C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsConfig.exe" -ui_context "\MainWindowName=quick_setup_wizard_window\MainWindowUIElementName=/"
Path
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsConfig.exe
Indicators
No indicators
Parent process
ActualMultipleMonitorsCenter.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Actual Tools
Description
Actual Multiple Monitors
Version
8.14.1_en
Modules
Image
c:\program files\actual multiple monitors\actualmultiplemonitorsconfig.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\actual multiple monitors\ammemb.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\winsta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\actual multiple monitors\pcre32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll

Registry activity

Total events
1820
Read events
1705
Write events
113
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
3988
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96703F22-7167-4098-A19A-9749F3A3C6ED}
Actual Multiple Monitors Desktop Context Menu Extension
3988
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96703F22-7167-4098-A19A-9749F3A3C6ED}\InprocServer32
C:\PROGRA~1\ACTUAL~1\ACTUAL~1.DLL
3988
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96703F22-7167-4098-A19A-9749F3A3C6ED}\InprocServer32
ThreadingModel
Apartment
3988
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex
3988
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers
3988
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\Actual Multiple Monitors
{96703F22-7167-4098-A19A-9749F3A3C6ED}
304
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Actual Multiple Monitors.lnk
1
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Configuration.lnk
1
304
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\abgrcnq.rkr
00000000000000000100000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2
Settings
28000000FFFFFFFF02000000030000003E0000001E000000FEFFFFFFB402000002050000D2020000
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop
TaskbarWinXP
0C000000080000000100000000000000AA4F2868486AD0118C7800C04FD918B400000000400D000000000000160000000000000000000000160000000000000001000000
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
02
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
FFFFFFFF
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
FFlags
1075839524
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Mode
1
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
LogicalViewMode
3
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
IconSize
48
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
GroupView
0
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
GroupByKey:PID
0
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
GroupByDirection
1
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
ItemPos1280x720x96(1)
304
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify
LastAdvertisement
90B5433B9C31D501
304
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify
UserStartTime
319EE624BB3DD301
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\abgrcnq.rkr
000000000000000001000000D2040000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
304
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
2972
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2972
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
600D0000B852D3E7C63CD501
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
930F4F33857B7FC67F4338DCDAD3135F7606E3D67EE695ADFA3DAD41F0FCB957
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Users\admin\AppData\Local\Temp\ammemb.dll
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
9A2CCD665E68E08900A65EEA43D963FF96C05F88FE974C1877411D94568ADDEE
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
Owner
600D0000B852D3E7C63CD501
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
SessionHash
91F91AC83F28589E3FE84040E868ADBD0A19CFF8BFF7A63FA55D99BFDBD224CF
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
Sequence
1
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
RegFiles0000
C:\Users\admin\AppData\Local\Temp\ammemb.dll
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
RegFilesHash
0B898DA3323FA3FF81AAF62CAD8A966060079F8A8EB5AC9F09023A1B6BE1B56D
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Actual Multiple Monitors
"C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors
Language
en
3424
ammsetup.tmp
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors\Command Center\Plugins\EventLogger
Enabled
1
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: Setup Version
5.6.1 (a)
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: App Path
C:\Program Files\Actual Multiple Monitors
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
InstallLocation
C:\Program Files\Actual Multiple Monitors\
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: Icon Group
Actual Multiple Monitors
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: User
admin
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: Selected Tasks
startmenu,startmenu\user,startup,installshellextension
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: Deselected Tasks
startmenu\common,uia
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Inno Setup: Language
en
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
DisplayName
Actual Multiple Monitors 8.14.1
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
DisplayIcon
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
UninstallString
"C:\Program Files\Actual Multiple Monitors\unins000.exe"
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
QuietUninstallString
"C:\Program Files\Actual Multiple Monitors\unins000.exe" /SILENT
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
DisplayVersion
8.14.1
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
Publisher
Actual Tools
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
URLInfoAbout
http://www.actualtools.com/
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
HelpLink
http://www.actualtools.com/support/
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
URLUpdateInfo
http://www.actualtools.com/download/
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
NoModify
1
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
NoRepair
1
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
InstallDate
20190717
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
MajorVersion
8
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
MinorVersion
14
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
VersionMajor
8
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
VersionMinor
14
3424
ammsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Multiple Monitors_is1
EstimatedSize
21127
3424
ammsetup.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors
EvalDate8
D31B05A2C3
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors
InstallationTimeStamp
000B3FE903CC69B5
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Actual Tools\Actual Multiple Monitors
EvalDate8
D31B05A2C3
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Actual Tools\Actual Multiple Monitors
InstallationTimeStamp
000B3FE903CC69B5
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors
Runtimes8
CB3BA29450D144A13049ABDE230D6D32
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Actual Tools\Actual Multiple Monitors
Runtimes8
CB3BA29450D144A13049ABDE230D6D32
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASAPI32
EnableFileTracing
0
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASAPI32
EnableConsoleTracing
0
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASAPI32
FileTracingMask
4294901760
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASAPI32
ConsoleTracingMask
4294901760
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASAPI32
MaxFileSize
1048576
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASAPI32
FileDirectory
%windir%\tracing
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASMANCS
EnableFileTracing
0
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASMANCS
EnableConsoleTracing
0
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASMANCS
FileTracingMask
4294901760
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASMANCS
ConsoleTracingMask
4294901760
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASMANCS
MaxFileSize
1048576
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ActualMultipleMonitorsConfig_RASMANCS
FileDirectory
%windir%\tracing
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3100
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors\Command Center
BaloonShown
1
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors\Command Center
LastShownVersion
8.14.1
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors
R8d8
0
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors\Command Center\Plugins\SystemTweaks
SettingsWereReset
1
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors\Command Center
QuickSetupWizardShown
1
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3180
ActualMultipleMonitorsCenter.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3904
ActualMultipleMonitorsConfig.exe
write
HKEY_CURRENT_USER\Software\Actual Tools\Actual Multiple Monitors
LastNagScreenDate
C177A1FC2CA11247F8

Files activity

Executable files
17
Suspicious files
10
Text files
35
Unknown types
9

Dropped files

PID
Process
Filename
Type
4044
ammsetup.exe
C:\Users\admin\AppData\Local\Temp\is-P1MD1.tmp\ammsetup.tmp
executable
MD5: 73032b651023916d0de84ac486990b07
SHA256: fe36521f8733bc8f8e15b16fc8136892c3a88860a9a87553c3bbcbc1b755f61b
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
executable
MD5: 26c5099fbc97e8b865f679eb5b0fce34
SHA256: 049299cf8655e9efb2d2fa2bc60423fed7c8c451a34f14528139245de35c3dfe
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\unins000.exe
executable
MD5: 73032b651023916d0de84ac486990b07
SHA256: fe36521f8733bc8f8e15b16fc8136892c3a88860a9a87553c3bbcbc1b755f61b
3424
ammsetup.tmp
C:\Users\admin\AppData\Local\Temp\is-1RGFF.tmp\LogonScreenService.exe
executable
MD5: 2b26ade3430171d360932ac9461cca64
SHA256: 164fbe1a81bb617fdc35e7483bb689640d61981de46d3dc77b999feb9f1443ef
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter.exe
executable
MD5: a1123e4e08a0a908286f37b6d742f2aa
SHA256: 8ad2b81e5d3c8765f76121f77bec8b3127d03cf0b54436416d41143ab6f61441
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\pcre32.dll
executable
MD5: 545da7779c715b2bcfd93162dc4c44fb
SHA256: ecf97aeb5fd100d102c2550f9706cf4448a0163db60d4203ac61dc6951a7dbfe
3424
ammsetup.tmp
C:\Users\admin\AppData\Local\Temp\is-1RGFF.tmp\innocallback.dll
executable
MD5: 7c298bc8016de89a7d57099f0e3f112a
SHA256: e1bbdecdfed5ea89ec54aa29e3b80f125ba916788031b3491d13d63dd4e768da
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\AudioSwitcher32.dll
executable
MD5: 18e4944184b08d037b1090edd7e5df06
SHA256: 1cb7f72f9393d00cc32fbdf5fbbb7fdc90b951f04b5b71e52c91020f94600271
3424
ammsetup.tmp
C:\Users\admin\AppData\Local\Temp\is-1RGFF.tmp\utils.dll
executable
MD5: 81ab5d55c3c79949f67ece6455d50696
SHA256: cdb1c00069c717204f00b9b11461d5707cd2753ca3f9f51be98a43179d98c970
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\LogonScreenService.exe
executable
MD5: 2b26ade3430171d360932ac9461cca64
SHA256: 164fbe1a81bb617fdc35e7483bb689640d61981de46d3dc77b999feb9f1443ef
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Actual Multiple Monitors Slideshow.scr
executable
MD5: 17c74e283e87d6ef41754791c750a9b9
SHA256: 14cbdeba405f43899d8d965f7ca6fc98a37f3390ef54d4e4dafb7144699dffe6
2836
ammsetup.exe
C:\Users\admin\AppData\Local\Temp\is-4AS82.tmp\ammsetup.tmp
executable
MD5: 73032b651023916d0de84ac486990b07
SHA256: fe36521f8733bc8f8e15b16fc8136892c3a88860a9a87553c3bbcbc1b755f61b
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\ammemb.dll
executable
MD5: 0b032d95bf63e65acb1fa1bca10980e0
SHA256: af57b714a28df40c78ec23bae1e707db2c3e013b9df57d246e6a90d13fa76e8a
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsConfig.exe
executable
MD5: 2d13b687c2ad8ef30c4eb86ba386ddfc
SHA256: fc83066695a17c87234b77e289b588b17321005fd7db5d95db6c96f7954cfb39
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Actual Multiple Monitors.scr
executable
MD5: 425149857505a993454ce8a283bd85ec
SHA256: e7d52a08df422f41c5f5e38e89c30f8efd2524cfd4cad5f010021797ce344999
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\ActualMultipleMonitorsShellExtension.dll
executable
MD5: de97964f923cd1400f59ea957c23ec95
SHA256: 7c6afd0d0e7e079cadb59fc12b46bb6265b3419d0429abc24f0a439d6ebe58c4
3424
ammsetup.tmp
C:\Users\admin\AppData\Local\Temp\is-1RGFF.tmp\affiliate.dll
executable
MD5: 510b10ea3b1e48560261c1a6d2cc608c
SHA256: 8b7b52260cc610ad2b266d693b400bec9a50945fda4a52274b32533e3239ae92
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\User Manual.lnk
lnk
MD5: f6d8861eeb279dae6793384f62ec10d2
SHA256: cff03b1da229a2317e61cee03e4e14df80b6654aeb6a0e9ea252b2d3cc1a5413
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Actual Multiple Monitors.lnk
lnk
MD5: 5ef24c658621d418c5a46bac3afdb94a
SHA256: 34c1fef0337003ecf35ec7fdc2f73378281119eb41146ce5e986a4961456d671
3180
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\CenterEvents.log
text
MD5: ee6887692d6cca7d592162e5135dbf6a
SHA256: 29ecf6f2ba71ec5b8e2fd58d6d9e54b87b2db1e8b7a431ef0e1efdd162d1c29a
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-G2SPD.tmp
––
MD5:  ––
SHA256:  ––
3904
ActualMultipleMonitorsConfig.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\ConfigEvents.log
text
MD5: aa248800bea402855a528c7ded3281f2
SHA256: 5fc03314a3624b560309bf9460548ee46fff5e46cf6a12ca156511401279f7af
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Setup.ico
image
MD5: 622cb67c2c93a080da32a314b0fdc411
SHA256: 49f492325947a5204cf107d07a98bf8da96f840d8bb66e9934baf4a9a53af87f
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-NO3QM.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-C4EA0.tmp
––
MD5:  ––
SHA256:  ––
3180
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\CenterEvents.log
text
MD5: 1f4572d8a672f146c4b68f51ebdd0d9e
SHA256: 75ca8623cd529115ce3107cb1257a99a4b416c5e5a3ad7e62c11c673327f6fb9
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-9EGJT.tmp
––
MD5:  ––
SHA256:  ––
3180
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\CenterEvents.log
text
MD5: dc4e98b00dbdf880be036b871593bad3
SHA256: 4c8a298c5ef6903f364c055ad03635d0dd460efa35cf719ea12c311b0a3095db
3180
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\CenterEvents.log
text
MD5: 95966fe42e6f39e0a948d210eee65ce4
SHA256: b5f80244cc3ea3c2f653ca5368571be1fcc6d46797d8e758ca2f613e3fe51a84
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-1U05B.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-IMQEF.tmp
––
MD5:  ––
SHA256:  ––
3068
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\WindowRules.ini
text
MD5: 453643b71a9fe7dd15c21baa204d4c85
SHA256: a4649efc44d82d7121deaa537fe8268d3c6fc4931da3756189a311fc829e07c9
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-G4USV.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Vista_Beta_2.zip
compressed
MD5: 086821ee90ba944ecf7b498c16fec34b
SHA256: 5abdd143e216ff045f9c4186309486db1fd2196cf8c6611617559cdc68853f7e
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\StyleXP.zip
compressed
MD5: baaac6c6bd57b95bf0c7e3650ffd361f
SHA256: 3941afe0998059d3c9652f5fd9b55f3d08cba31e401ecc8f1cffbdc985042f65
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Vista_Beta_1.zip
compressed
MD5: 392ff61a2b01d1d576833ad92b1b6ba3
SHA256: 214399581cb5d446a75939f28bc45012aea2c184433c62fa021c0e8a7017b831
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-JGNKA.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-B19VK.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-RRJRH.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Glass_Beta_1_GlassB1D.zip
compressed
MD5: f1ac838a8719bc85d43b26da50163a39
SHA256: 4fc99eda66d939a8c7ee8b32c63a4910f816e3cf4738e3a58755db630f3f1b72
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Glass_Beta_2_GlassB2DN.zip
compressed
MD5: 9cecfb244aeac31fbf049f8b974f9692
SHA256: d7282cd6e6018591739c307e5c849fddb3c2bd4b7b7b0dacdbce90e90190302b
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Glass_Beta_2_GlassB2D.zip
compressed
MD5: 3ba5ecfb952a185c6c1bd85890332cad
SHA256: 458ecd5baf15e81c86f95a0685f497b9c6c09f3ffce404e401ae35cfe1e34463
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Glass_Beta_1_GlassB1DT.zip
compressed
MD5: 8f848a8593ef09ee70b1492e89bfca3e
SHA256: ccac7edd5dcd11dd08a0786c224a9132578cb5aa3760cd2ccf300473e17198b4
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Glass_Beta_2.zip
compressed
MD5: f7cf72ffb2591dce1754380952530b5d
SHA256: 139f15a7524c61b4deedf85b1ce367334c5aac1f1b9ca2f175b4d4dec3385939
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-69GBC.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-V0FGJ.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-R43FF.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-8D3G3.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-634UF.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\spanish.lng
xml
MD5: c9f23d75ec51ef41e1eb4c4b692635ca
SHA256: 636fe8d3ac9024031f71fa393b5657c112cac079c24fa2ac1c7cf4b5c32a1e2b
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\Aero_Style_Glass_Beta_1.zip
compressed
MD5: 366fd78f27450bc99a5c35f9411b876d
SHA256: e0edd9257663a22ad43c38ddc5900b9868ea96848f6e70073b7fd164df779106
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\ukrainian.lng
xml
MD5: d0b15ca2b9a01aea1446f754d442ec8f
SHA256: 9c2976e8512a2caf17934225ea1789c50d5948ea990ee14b6150b2c60258201c
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Skins\is-PTTH0.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-TIIG5.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-SL8UE.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\serbian_cyrillic.lng
xml
MD5: b2f77c96a01e3c35b681c842e4f72507
SHA256: 55405c783d0a6733c1391120fbb08cae2de92b143444510b7f276907fad4beb1
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\serbian_latin.lng
xml
MD5: 95db787d2f02b4af6c9b0ac5dba64eee
SHA256: b514c419394305e796384334fac5d78464ce302d68018c1feab6f960900c282d
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-KVKJI.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-N7O1Q.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\russian.lng
xml
MD5: fe33288e0ecdd4c06512dce372cacfa0
SHA256: 1535266ad75460addae30f9d39998dafa9b78ee2e7096f132e6209e37f346d23
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-SKJGU.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\polish.lng
xml
MD5: 87c7872c2ed811a08bcf3bd982afe4ef
SHA256: 03fc9ad10ca034ffc7323e709a989218a67a1c94b005b0f476d8987a8b029779
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\portuguese_brazilian.lng
xml
MD5: f672cf9994cce01089c77a928383bcc5
SHA256: f2f04a6e18cf2e19a9c907cc215f877b028a9b1880cea65a2fb3dc97b83e42e4
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-2M1SQ.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-S0MRQ.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\norwegian.lng
xml
MD5: b5aa5b5bc4d0928bd8ab9a238c9ff022
SHA256: c2e371b978683f7064b11a657fbff3408d288c1c8d6e60e1bf7bcd4a72bedeba
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\korean.lng
xml
MD5: 337029bc5f56c89c2531caf54f110c75
SHA256: f54a89512885743e47a2305687f99094a05f83a3fc4aa75ceca36b657aafd71a
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-U9JL1.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-P68J9.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\italian.lng
xml
MD5: a8e0c189a00e68ecb9e39038c7559aaf
SHA256: 52d3c99cea258ce67f1a24a7b21c1c9197c0fad7f837a79db6821c6f45b07044
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\japanese.lng
xml
MD5: bb422a2025be0a601fb5f43fef083ced
SHA256: ebff09d6baf8267a3dac6987987bbcb27c6d68e990ed9ffce0ce200bed3e32c3
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-CES5D.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\indonesian.lng
xml
MD5: 71b491dad32a5d5050e2cfb1dc9cb19b
SHA256: 5413fe3ae448dc036abbaadf0bd73b721cad1771391a7747f1c47a4c11ffe6ae
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\german.lng
xml
MD5: c3c33eafb31ec7d488adfc548f0a42ed
SHA256: f1d4e2e21b85bf57d272ca5446037061038b36466f3b8152d8ce84c6ec83d4be
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-PGCSH.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-KFDPK.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-P9AJM.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\french.lng
xml
MD5: dc608dfb5468e80dc2a4cce95e0b9118
SHA256: 338d96f1255c48cbc9951552c21ad23769e6b1aefdfd9f7cfe2ad37eac706cb9
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-E37MI.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\dutch.lng
xml
MD5: 143b8241b209c66c8ae3e194b38444d7
SHA256: db35800f60921a1c702a1568a8807329bf996174f54f79384714f764f80deb4b
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\english.lng
xml
MD5: 7a925c974f15379013faf6f2e874c4a5
SHA256: d3984d34ff4cb61616e932489cf0133a8c323f8b444cdacde017df3a2d0e1cc5
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-H2BEV.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-CJTD3.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\chinese_traditional.lng
xml
MD5: fb28bf3c9a36d6eb71b6f6ec66c9600e
SHA256: f27efe0f47036f4973c139f97efe82d1b441cb07c9ca86d2bcc526cec0ddbbb1
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\chinese_simplified.lng
xml
MD5: 332b0233b2b2ed7cac3932676f7bfd57
SHA256: e848fabe644d465865efab02ac57bc55f15d40ce004e5b9984f9c59d2c4c82be
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-8PKO6.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-4I8IE.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\WindowRules.ini
text
MD5: 453643b71a9fe7dd15c21baa204d4c85
SHA256: a4649efc44d82d7121deaa537fe8268d3c6fc4931da3756189a311fc829e07c9
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\arabic.lng
xml
MD5: bc32ce5aa6fd2fb368a7ce9e6ffe0ea1
SHA256: dc00f7c48a6eb5be0a45bb64cba228e1427bc367f4e7cdf48b120fd718984371
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Languages\is-4I50B.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-I569V.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\WhatsNew.txt
text
MD5: 3348bdf61fd159a11069a2a7f9cbe6ee
SHA256: 723f12a5a556c79c659ba5b439ee885a09e504e3cf75d388b228aec251eb3549
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Options.ini
text
MD5: b3840cb1391fdb0a84d0e9b3ade6a057
SHA256: b9eb4bf12c0fbd002558f073e5d0da75071b6b4d6ad7353ed2fd5346d048d421
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\license.txt
text
MD5: 9c87ff3bd88a08453d711dbc001d7b5c
SHA256: 0d62a2f78843f17d598461559b404f75cd95c515d7db8c79ba037957fe5d363c
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-8EJHU.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-D9D1O.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-5F8VC.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Readme.txt
text
MD5: 2a51961e597989863dfd7d7eaa868a35
SHA256: c838d2ea77f37d6fb9e4483f05c25178105e0aa9594c39cd769ee51727b39eb4
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\file_id.diz
text
MD5: ecf73468a0e581bc58f30e24b2a83bcd
SHA256: 3ca3241edc1ecb4d9048583b12b1650465625623abfa808a4fcf13612fe78db6
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-J4IGG.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-H073L.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\en.chm
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-SBB7H.tmp
––
MD5:  ––
SHA256:  ––
3068
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\Options.ini
text
MD5: b3840cb1391fdb0a84d0e9b3ade6a057
SHA256: b9eb4bf12c0fbd002558f073e5d0da75071b6b4d6ad7353ed2fd5346d048d421
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-E22OV.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\unins000.dat
dat
MD5: d7bd501d0116f2959a7d075aecd8720c
SHA256: f4993c73405cd06df6f2e72f0bc923b7ef537b25f47f24570f2708f062a4745a
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-MB94T.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\unins000.msg
binary
MD5: 2019efb38eb66ed6eca1747ce0e0a7dc
SHA256: d816931a62cb3bc09ff5d8326d33dbe7c6129c3e804321dfd6c57f5ba93fb715
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-EJ955.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\Actual Multiple Monitors on the Web.url
text
MD5: cbb83330fd42c87cffc78f186eec633f
SHA256: 61a34d5cf2dc661a7bca64e090a647aaaaed886845105ca1da1be81785e61b34
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-1VRP8.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Uninstall Actual Multiple Monitors.lnk
lnk
MD5: 9fac572c94feab1d77dd60b1530d6d7a
SHA256: d8140f41167059464a44e6aca2242da243775256a6f097c4c3c3de79419c6393
3424
ammsetup.tmp
C:\Program Files\Actual Multiple Monitors\is-67PUN.tmp
––
MD5:  ––
SHA256:  ––
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Products Catalog.lnk
lnk
MD5: 636af802235bcbb84f06837d2d82a986
SHA256: f5a666cd266133d08f47cb639f7856027c5287a35fa5ca7a079258e4cfb6929a
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\View readme.txt.lnk
lnk
MD5: b293dd642121dbd0aa470b24ab46d1a4
SHA256: 5f1f5b09af0071522dd955132765afbbcd1cc8e28913cd04971c1b3323db957d
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\End User License Agreement.lnk
lnk
MD5: 2b5ffc744e383cf0f3b960c5a0dcd7f5
SHA256: cd4959e1deeba7a4e043d160c778874c27917ea298dfcfda1efba4eebe477ebf
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Actual Multiple Monitors on the Web.lnk
lnk
MD5: e6ea5e657722d489b4a7ee692c1e07de
SHA256: 4d8c6eea97c998e257636c96ff706db1c5251f61ca15e6c826ba11c8059cc067
3424
ammsetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors\Configuration.lnk
lnk
MD5: 5fa2fd3f31245d789ce77d595999a37b
SHA256: d489f219372230e4a4f403cdd1776e80de3c6741aa77d15383088c282e6f04cc
3180
ActualMultipleMonitorsCenter.exe
C:\Users\admin\AppData\Roaming\Actual Tools\Actual Multiple Monitors\CenterEvents.log
text
MD5: 060f877c206b9d89e6bb835fa0da3223
SHA256: dac16fd96ff8629b364bbdb4e8ceb41ba28117851459f939191e8a2c74bace95

Network activity

HTTP(S) requests
1
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3100 ActualMultipleMonitorsConfig.exe GET 200 208.76.175.79:80 http://www.actualtools.com/checkupdates2.php?product=amm&version=8.14.1&d=0&reg=0&ts=&mode=install&installtimestamp=000B3FE903CC69B5 US
text
suspicious

Connections

PID Process IP ASN CN Reputation
3100 ActualMultipleMonitorsConfig.exe 208.76.175.79:80 CIFNet, Inc. US suspicious

DNS requests

Domain IP Reputation
www.actualtools.com 208.76.175.79 suspicious

Threats

No threats detected.

Debug output strings

No debug info.