e5834378b6d0ac51f8fcd74b3f2fc5fd6924a3e5808548967602805acc9b68e1

Analysis

max time kernel
162s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monolith Notes Setup.exe
Size

71.7MB
MD5

929ed5a3690fe8b2ababdc8eeb0375ca
SHA1

2471f1ed659805a50a8671d90b6e3e1d920f8fa1
SHA256

e5834378b6d0ac51f8fcd74b3f2fc5fd6924a3e5808548967602805acc9b68e1
SHA512

928c59123b32dfac2086e24d69ae54c5f0dfe990daa8d000f5a4d2c246680527cd4dbeb9ff0c31aabcc7689506e091e2655700a6696e48c16f38d9e2e2c5f228
SSDEEP

1572864:12tUZfmQpwDPqZWcyE/LEhq9FP6Zq9cjJyRXfXCZpcCeW3GCwb50lDpw:12ilDCPYDyWdyCMiGm7WFSaVpw

Score

10^/10

coreentity discovery

Malware Config

Signatures

CoreEntity .NET Packer 1 IoCs

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

coreentity

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources\app.asar	coreentity

Executes dropped EXE 4 IoCs

Processes:

Monolith Notes.exeMonolith Notes.exeMonolith Notes.exeMonolith Notes.exe

pid process

524 Monolith Notes.exe
4180 Monolith Notes.exe
3420 Monolith Notes.exe
3376 Monolith Notes.exe

pid	process
524	Monolith Notes.exe
4180	Monolith Notes.exe
3420	Monolith Notes.exe
3376	Monolith Notes.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Monolith Notes.exeMonolith Notes.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Monolith Notes.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Monolith Notes.exe

Loads dropped DLL 17 IoCs

Processes:

Monolith Notes Setup.exeMonolith Notes.exeMonolith Notes.exeMonolith Notes.exeMonolith Notes.exe

pid	process
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
524	Monolith Notes.exe
4180	Monolith Notes.exe
3420	Monolith Notes.exe
3376	Monolith Notes.exe
4180	Monolith Notes.exe
4180	Monolith Notes.exe
4180	Monolith Notes.exe
3376	Monolith Notes.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Monolith Notes Setup.exeMonolith Notes.exeMonolith Notes.exe

pid	process
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
4808	Monolith Notes Setup.exe
3420	Monolith Notes.exe
3420	Monolith Notes.exe
3376	Monolith Notes.exe
3376	Monolith Notes.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Monolith Notes Setup.exe

description pid process

Token: SeSecurityPrivilege 4808 Monolith Notes Setup.exe

description	pid	process
Token: SeSecurityPrivilege	4808	Monolith Notes Setup.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

Monolith Notes.exe

description	pid	process	target process
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 4180	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 3420	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 3420	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 3376	524	Monolith Notes.exe	Monolith Notes.exe
PID 524 wrote to memory of 3376	524	Monolith Notes.exe	Monolith Notes.exe

C:\Users\Admin\AppData\Local\Temp\Monolith Notes Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Monolith Notes Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4808

C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
"C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:524

C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
"C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe" --type=gpu-process --field-trial-handle=1632,16944009877840878865,17858401778062192544,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14072320149809061490 --mojo-platform-channel-handle=1764 --ignored=" --type=renderer " /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4180

C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
"C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe" --type=utility --field-trial-handle=1632,16944009877840878865,17858401778062192544,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=10393343369747608392 --mojo-platform-channel-handle=1908 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3420

C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
"C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe" --type=renderer --field-trial-handle=1632,16944009877840878865,17858401778062192544,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources\app.asar" --node-integration --no-sandbox --no-zygote --native-window-open --background-color=#000000 --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15933051246540453210 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\monolith_notes\D3DCompiler_47.dll
Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
Filesize
99.8MB

MD5
b310ec7d6b80896e635ed1bbae730feb

SHA1
c23947cc4bcb525eb04f510142aa5e0bdce700cf

SHA256
f5d6c25aa9e7493c461b87ed95cd41513e04f920a56f20af3abd8ca17699e636

SHA512
8ecc28d3473947098a8de97075d19bf7f70fb6bc271f9136c9eccf9422f9a568e7d2f3863e1c701bd8fd7a68066ef0d5b9bfa7009dfb22c1868cdcefb92ba6c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
Filesize
99.8MB

MD5
b310ec7d6b80896e635ed1bbae730feb

SHA1
c23947cc4bcb525eb04f510142aa5e0bdce700cf

SHA256
f5d6c25aa9e7493c461b87ed95cd41513e04f920a56f20af3abd8ca17699e636

SHA512
8ecc28d3473947098a8de97075d19bf7f70fb6bc271f9136c9eccf9422f9a568e7d2f3863e1c701bd8fd7a68066ef0d5b9bfa7009dfb22c1868cdcefb92ba6c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
Filesize
99.8MB

MD5
b310ec7d6b80896e635ed1bbae730feb

SHA1
c23947cc4bcb525eb04f510142aa5e0bdce700cf

SHA256
f5d6c25aa9e7493c461b87ed95cd41513e04f920a56f20af3abd8ca17699e636

SHA512
8ecc28d3473947098a8de97075d19bf7f70fb6bc271f9136c9eccf9422f9a568e7d2f3863e1c701bd8fd7a68066ef0d5b9bfa7009dfb22c1868cdcefb92ba6c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
Filesize
99.8MB

MD5
b310ec7d6b80896e635ed1bbae730feb

SHA1
c23947cc4bcb525eb04f510142aa5e0bdce700cf

SHA256
f5d6c25aa9e7493c461b87ed95cd41513e04f920a56f20af3abd8ca17699e636

SHA512
8ecc28d3473947098a8de97075d19bf7f70fb6bc271f9136c9eccf9422f9a568e7d2f3863e1c701bd8fd7a68066ef0d5b9bfa7009dfb22c1868cdcefb92ba6c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\Monolith Notes.exe
Filesize
99.8MB

MD5
b310ec7d6b80896e635ed1bbae730feb

SHA1
c23947cc4bcb525eb04f510142aa5e0bdce700cf

SHA256
f5d6c25aa9e7493c461b87ed95cd41513e04f920a56f20af3abd8ca17699e636

SHA512
8ecc28d3473947098a8de97075d19bf7f70fb6bc271f9136c9eccf9422f9a568e7d2f3863e1c701bd8fd7a68066ef0d5b9bfa7009dfb22c1868cdcefb92ba6c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\chrome_100_percent.pak
Filesize
173KB

MD5
c56bc01c88f2fd186ae22f10b1bd5900

SHA1
b000e68ccd919010eff8c2e114b7d1b6e702d997

SHA256
d8cbc2234f40b49437a5876bb008b6b43afdf92391dec3f0739be98e448ab671

SHA512
46f9158e0f06a4e415b95a7dabe88cc4f3eecc235cdaf9d744caf4de5e665ae91599e3c2feea0860e9f6eeb2eea45fe4e57542fae95ed9110d44624513de3aa0

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\chrome_200_percent.pak
Filesize
308KB

MD5
9662c1f572ef83f070d2354b0275ec60

SHA1
04ce905a95a1c3b8521a17ac9f57503e7aa3eac9

SHA256
55dd419a1cecca86665ba5e6184d6b58edf714d652e67c5220dd3b407d99afa8

SHA512
b1d34d58f5079b1db9764bce2787969113ac7cb1b83dbc3ebce8c9c287af372a639611ba11246a088243e2098dbd1d6ad51341eff2a57a995868bb0db94a3167

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\d3dcompiler_47.dll
Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\ffmpeg.dll
Filesize
2.0MB

MD5
b4fe8978c43a979ab771edffaeb4772d

SHA1
1c48ac0c90c0ca8f489466fd823d2d4cbc3c0930

SHA256
ab5ba5774f5aaabb21715a31396f5df3da1e71e91651b61a402e581b4cd0df10

SHA512
9975d7efad5a1320beeeddcec32e01bcaed61bb74f0e9550fb42654b6d580c0fdfb9ef6663d9260c6b979936e4528842dd25e22399457db091b9384b9ebd6474

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\ffmpeg.dll
Filesize
2.0MB

MD5
b4fe8978c43a979ab771edffaeb4772d

SHA1
1c48ac0c90c0ca8f489466fd823d2d4cbc3c0930

SHA256
ab5ba5774f5aaabb21715a31396f5df3da1e71e91651b61a402e581b4cd0df10

SHA512
9975d7efad5a1320beeeddcec32e01bcaed61bb74f0e9550fb42654b6d580c0fdfb9ef6663d9260c6b979936e4528842dd25e22399457db091b9384b9ebd6474

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\ffmpeg.dll
Filesize
2.0MB

MD5
b4fe8978c43a979ab771edffaeb4772d

SHA1
1c48ac0c90c0ca8f489466fd823d2d4cbc3c0930

SHA256
ab5ba5774f5aaabb21715a31396f5df3da1e71e91651b61a402e581b4cd0df10

SHA512
9975d7efad5a1320beeeddcec32e01bcaed61bb74f0e9550fb42654b6d580c0fdfb9ef6663d9260c6b979936e4528842dd25e22399457db091b9384b9ebd6474

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\ffmpeg.dll
Filesize
2.0MB

MD5
b4fe8978c43a979ab771edffaeb4772d

SHA1
1c48ac0c90c0ca8f489466fd823d2d4cbc3c0930

SHA256
ab5ba5774f5aaabb21715a31396f5df3da1e71e91651b61a402e581b4cd0df10

SHA512
9975d7efad5a1320beeeddcec32e01bcaed61bb74f0e9550fb42654b6d580c0fdfb9ef6663d9260c6b979936e4528842dd25e22399457db091b9384b9ebd6474

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\ffmpeg.dll
Filesize
2.0MB

MD5
b4fe8978c43a979ab771edffaeb4772d

SHA1
1c48ac0c90c0ca8f489466fd823d2d4cbc3c0930

SHA256
ab5ba5774f5aaabb21715a31396f5df3da1e71e91651b61a402e581b4cd0df10

SHA512
9975d7efad5a1320beeeddcec32e01bcaed61bb74f0e9550fb42654b6d580c0fdfb9ef6663d9260c6b979936e4528842dd25e22399457db091b9384b9ebd6474

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\icudtl.dat
Filesize
9.9MB

MD5
9e8b247aa7a609e6632518ecd6634fc0

SHA1
cc43315bec76167be7dfbb7dd0b6d61974204d6c

SHA256
18acc07d9ca59b1e599343b022a9e602a0a0c152866f7e5dce1fedd2dbcd33a0

SHA512
7a9590f410c14886317d7cdae606b50b4a0355061e251aa3bcd3e0c614438298e839ff116553089116423e9bc98c131f35796478517d88a180a5a2d08ff7fa5f

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\locales\en-US.pak
Filesize
71KB

MD5
ce30d32061b772148cbc966915291edc

SHA1
4c5edaed4f3ba6e10443f344e757c26f7ceb4ce9

SHA256
88a07be1329cfde3486dd0376de77e289468a750273970aeae6ad4468c0969f4

SHA512
720fa132a3362ea4f5ea10f30c4996378d1f196210cef13c38579dbacc1f11e55d6dfdaa3aa0a6a574670a962f6e2910a2d66a64a1e7e1d6466b20529f5652cd

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\natives_blob.bin
Filesize
80KB

MD5
1582ffe1b8cb37438bc22edee6cd0a90

SHA1
01af249f33b2e5ffba18ba8f7cd76f2ee0e5f425

SHA256
02586eeaf4ce40d1b34310d885e34fb63e8e9f155fcedbd796536735907cbe80

SHA512
8c66ba4ef15fea573c29f0f6977e290b8fd72f4c8833f31a9b0ef4285f5493e9b27daf3a02c352ed12eadce36cda933d9d97576bfa4dcbbcc04294e73ad9ebfc

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources.pak
Filesize
8.3MB

MD5
d7366c8fe7d425511dd5bb4e345de213

SHA1
44aee6e504c7a56c55a61ca03df9eab32fad5e57

SHA256
4597e550c84e5aa8b532fd95b885d2e7c14a142d308a530d6e577957bcafd8c7

SHA512
808ccd635d622229890e5f6feca5d914c2bf8ae404e004feee0aa75aec6be9dd69fc40d64c927d1f79385ea3e6834d530cfb0f72071566df19e7ea723de3139b

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources\app.asar
Filesize
178.3MB

MD5
77d720360cd92d24ca6d2af79a351b5d

SHA1
4c48b16d5cb425fb64b28065ccf52e8d0afc3e0f

SHA256
c89dee66a701ba4e0bceedb5aa2b021edd3e10f55f7f369e43dc3a2f0e5fc151

SHA512
82a6f83856f58a16ecece1d093630191c3591a6f83fd8e351e518de64a1bba7b67c906747147a8b0dfd74fcc253fe21a6076f6d5e1498249226aedc5857dcaba

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources\static\app-icons\Monolith_Logo_opt.png
Filesize
11KB

MD5
90d0878d83510ee389bb07667ab8b6dc

SHA1
b2c9707105ae935a8afb61722569f67da2981e1e

SHA256
c560f141e41106339184a97443d335c34d12fa783de8c170b15a9b365c6c055a

SHA512
fc675f11c738c094cd695f817b8080537a997cba1e942ca41331b05d7bf8058ff39e75024e68dd025bdf667e2c6b7a9efe2a4db1873117fc314729cf8f23a03f

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources\static\themes\css\dx.material.monolith-purple-light.css
Filesize
682KB

MD5
378e4df0376c54352ce0a58e4c2af1fb

SHA1
752b448d9a69f14ca6a19bfb162c26f5945e7583

SHA256
7703118805cc19c17d0d98dcd033cb695a912ae7858980e6a2d9c254506da054

SHA512
c672867a56675505b581cdd0202ad69db625eb084d6f4e75baed1eed554c448c415614969cf0bde8579576782c5ce59b9663c72b555f41e4c90f1b28bff3d16e

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\resources\static\themes\css\icons\dxiconsmaterial.woff2
Filesize
9KB

MD5
403ac7202be5529b6831062cbc54a29b

SHA1
177145594ca3c163ceb7ffc13f17ce2e7d0333d4

SHA256
454b86826f7f639c380469b0e82ee85c3a57f65fbababb9841c77721018ebe34

SHA512
3537bc42fcb2f3f92d6eb89042488d7b74effafb24a760934c17294cd6d19bf9c1a1d6ebd130e9644ce3725ae677cba7614f4b921a8abf973924a90951df985d

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\swiftshader\libEGL.dll
Filesize
333KB

MD5
f8bf64117e0b9bc056be8babc9651a8c

SHA1
736ed899e4b2a4b555c8440b5be29c7f6c694e23

SHA256
f76b789183b1a5461da03154fab67048865d27e2cc4ecd1014da33c912c60880

SHA512
3b49dfa01485016c80e34296846272af2ae570ac5e5b21ffc5bbf926ea694d3f115b25ffd56c4b7bfaae25f7d7078c9b92b4205a9471a89757eceae1ac929f35

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\swiftshader\libGLESv2.dll
Filesize
3.7MB

MD5
823843dbc9eacb00242a9592bb2171d2

SHA1
1515548bea2304556194d5d6646aebf391c94202

SHA256
b84f8ff351c57ebf9cb55228a503ea9c0d097d80f4b29ab8cfba877adf2912f0

SHA512
d727bde32eeb42f53c2a1e2a9929a76d19a22ddbe949e9d7da0374f141a9975e0aa1d5532297ff0e27967c82718d1ee1e8dfe6c522cde9a5740db2452dfae944

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\swiftshader\libegl.dll
Filesize
333KB

MD5
f8bf64117e0b9bc056be8babc9651a8c

SHA1
736ed899e4b2a4b555c8440b5be29c7f6c694e23

SHA256
f76b789183b1a5461da03154fab67048865d27e2cc4ecd1014da33c912c60880

SHA512
3b49dfa01485016c80e34296846272af2ae570ac5e5b21ffc5bbf926ea694d3f115b25ffd56c4b7bfaae25f7d7078c9b92b4205a9471a89757eceae1ac929f35

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\swiftshader\libglesv2.dll
Filesize
3.7MB

MD5
823843dbc9eacb00242a9592bb2171d2

SHA1
1515548bea2304556194d5d6646aebf391c94202

SHA256
b84f8ff351c57ebf9cb55228a503ea9c0d097d80f4b29ab8cfba877adf2912f0

SHA512
d727bde32eeb42f53c2a1e2a9929a76d19a22ddbe949e9d7da0374f141a9975e0aa1d5532297ff0e27967c82718d1ee1e8dfe6c522cde9a5740db2452dfae944

Download Submit
C:\Users\Admin\AppData\Local\Programs\monolith_notes\v8_context_snapshot.bin
Filesize
684KB

MD5
ade12ed60b340f474e242f66ba423711

SHA1
4d800cd71872e76e08a5a5650ff0169eb16f8ef6

SHA256
25b3a8326201f6940611c49eabecaff1648d31c27ff38dd192015b23e7dc75e0

SHA512
2cb2af6e0f873a36aba90307fba0b56a039f1ee29f317c70c5fc41634b19f6c0a807aa9293cbf7a83f470637921ddc96f79b4273300a61259447fce0624a097e

Download Submit
C:\Users\Admin\AppData\Local\Temp\f2f85d9d-05fa-4ea6-a471-3863c2161266.tmp.node
Filesize
1.3MB

MD5
d184595fcd9782dc5acbe5923e7bdd73

SHA1
8537fe5cca059115de3cb4512e503865acd36240

SHA256
55ac01f5955050f5a27ac4bf5ec9f441066b912e4b75dca8cfaa356dc3e853de

SHA512
b21e286f6e830e8dfd25370271570eec406d30a5748fc2cc8010a2909aac516526da23fa4a238c10b11a74deb9f084c50f54edcfeb4ba404ab6a2d18910134e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD199.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/3376-160-0x0000000000000000-mapping.dmp

Download
memory/3420-157-0x0000000000000000-mapping.dmp

Download
memory/4180-154-0x0000000000000000-mapping.dmp

Download