Create Interactive Tour

Windows Analysis Report
https://sforce.co/lockdownWindows

Overview

General Information

Sample URL:	https://sforce.co/lockdownWindows
Analysis ID:	1299617
Infos:

Detection

Score:	4
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Queries the volume information (name, serial number etc) of a device

Modifies existing windows services

Drops PE files

Tries to load missing DLLs

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Stores files to the Windows start menu directory

Creates or modifies windows services

Found dropped PE file which has not been started or loaded

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

System is w10x64_ra

chrome.exe (PID: 4084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://sforce.co/lockdownWindows MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5672 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 4496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

LockDownBrowserOEMSetup.exe (PID: 7884 cmdline: "C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe" MD5: 78E3E5B8AD9E9B9CBCCB60C01A9598E7)

LockDownBrowserOEMSetup.exe (PID: 7904 cmdline: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe -package:"C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\LockDownBrowserOEMSetup.exe" MD5: 2F011DD8FDC25B623A9A1AD755F9A24D)

ISBEW64.exe (PID: 8092 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E1AD1590-D936-446C-A33C-3E9DD1094A06} MD5: CB279E894409AEF5F9410D7D8D113C54)

ISBEW64.exe (PID: 8124 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D17A6295-3655-4826-86AD-9C9C39741546} MD5: CB279E894409AEF5F9410D7D8D113C54)

ISBEW64.exe (PID: 8156 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B75B3613-A762-42B8-BD7B-6E63DB8B8CC6} MD5: CB279E894409AEF5F9410D7D8D113C54)

ISBEW64.exe (PID: 3228 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B481AFF-9960-43B6-9BC6-B45C0FE698C4} MD5: CB279E894409AEF5F9410D7D8D113C54)

ISBEW64.exe (PID: 6232 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA0DCC62-5071-467B-9ECD-73FFF505BA8A} MD5: CB279E894409AEF5F9410D7D8D113C54)

ISBEW64.exe (PID: 3232 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D1F30F7-7414-45F8-BF17-D8E7A5E3D3B2} MD5: CB279E894409AEF5F9410D7D8D113C54)

ISBEW64.exe (PID: 6212 cmdline: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8B5831A-702E-47BB-A452-7D18A2A2380D} MD5: CB279E894409AEF5F9410D7D8D113C54)

SrTasks.exe (PID: 4952 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: EAB7745B9C75EB09DAB1CD3EF671D297)

conhost.exe (PID: 4304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)

LockDownBrowserOEM.exe (PID: 2216 cmdline: "C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe" MD5: FC4E6596C23C772A1AEBF8438F2517FA)

LockDownBrowserOEM.exe (PID: 7212 cmdline: "C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe" MD5: FC4E6596C23C772A1AEBF8438F2517FA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• System Summary
• Persistence and Installation Behavior
• Boot Survival
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe

Section loaded: sfc.dll

Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://sforce.co/lockdownWindows
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5672 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe "C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe"
Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe -package:"C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\LockDownBrowserOEMSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E1AD1590-D936-446C-A33C-3E9DD1094A06}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D17A6295-3655-4826-86AD-9C9C39741546}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B75B3613-A762-42B8-BD7B-6E63DB8B8CC6}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B481AFF-9960-43B6-9BC6-B45C0FE698C4}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA0DCC62-5071-467B-9ECD-73FFF505BA8A}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D1F30F7-7414-45F8-BF17-D8E7A5E3D3B2}
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5672 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1780,i,7293487574974295432,3422612196477524790,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe "C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E1AD1590-D936-446C-A33C-3E9DD1094A06}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D17A6295-3655-4826-86AD-9C9C39741546}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B75B3613-A762-42B8-BD7B-6E63DB8B8CC6}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B481AFF-9960-43B6-9BC6-B45C0FE698C4}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA0DCC62-5071-467B-9ECD-73FFF505BA8A}
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D1F30F7-7414-45F8-BF17-D8E7A5E3D3B2}
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8B5831A-702E-47BB-A452-7D18A2A2380D}
Source: unknown	Process created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe "C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe"
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8B5831A-702E-47BB-A452-7D18A2A2380D}
Source: unknown	Process created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe "C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe"
Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe -package:"C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\LockDownBrowserOEMSetup.exe"

Source: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4304:120:WilError_02
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\00D779A4-92E4-404A-A502-045E1D6E3C34

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe

File created: C:\Program Files (x86)\InstallShield Installation Information\

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\eef71347-104d-4a91-87ff-5fde852c0987.tmp

Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe

File created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}

Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe

File written: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\0x0407.ini

Source: classification engine

Classification label: clean4.win@51/188@0/48

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe

File read: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\setup.ini

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\eef71347-104d-4a91-87ff-5fde852c0987.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\LockDownBrowserOEMSetup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LdbRst10.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulkan-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isres_0x0409.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_elf.dll (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc808B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc83F8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\libGLESv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3dcompiler_47.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_swiftshader.dll (copy)	Jump to dropped file
Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\ISSetup.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF5AD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib8B54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isuser_0x0409.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\isrt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotnetinstaller.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF59C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBF4EC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib899E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\Ldb83D8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\libcef.dll (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 488790.crdownload	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr84F6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib895E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3d8555.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotF4BB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_BB61.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\isrF53C.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	File created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulBD19.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowser.dll (copy)	Jump to dropped file

Source: C:\Windows\System32\SrTasks.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus\
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus\LockDown Browser OEM.lnk

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore

Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulkan-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LdbRst10.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isres_0x0409.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_elf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\libGLESv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc83F8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3dcompiler_47.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_swiftshader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF5AD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib8B54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isuser_0x0409.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotnetinstaller.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF59C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib899E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\Ldb83D8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\libcef.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib895E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr84F6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3d8555.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotF4BB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_BB61.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\isrF53C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulBD19.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowser.dll (copy)	Jump to dropped file

Source: C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe	File Volume queried: C:\Windows FullSizeInformation

Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\lockdownbrowseroemsetup.exe -package:"c:\users\user\downloads\lockdownbrowseroemsetup.exe" -no_selfdeleter -is_temp -media_path:"c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\disk1\" -tempdisk1folder:"c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\" -is_originallauncher:"c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\disk1\lockdownbrowseroemsetup.exe"
Source: C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\lockdownbrowseroemsetup.exe -package:"c:\users\user\downloads\lockdownbrowseroemsetup.exe" -no_selfdeleter -is_temp -media_path:"c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\disk1\" -tempdisk1folder:"c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\" -is_originallauncher:"c:\users\user\appdata\local\temp\{27012b02-3efe-43f2-b9bc-858acf02891d}\disk1\lockdownbrowseroemsetup.exe"

Source: C:\Windows\System32\SrTasks.exe

Queries volume information: C:\ VolumeInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Command and Scripting Interpreter	2 Windows Service	2 Windows Service	2 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Process Injection	1 Process Injection	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 DLL Side-Loading	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	1 Registry Run Keys / Startup Folder	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Source	Detection	Scanner	Label	Link
https://sforce.co/lockdownWindows	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
C:\Users\user\Downloads\Unconfirmed 488790.crdownload	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\ISSetup.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\setup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotF4BB.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF59C.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF5AD.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\isrF53C.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\Ldb83D8.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc808B.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc83F8.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr84F6.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3d8555.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib895E.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib899E.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib8B54.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_BB61.tmp	0%	ReversingLabs
C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulBD19.tmp	0%	ReversingLabs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.237	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
13.224.189.110	unknown	United States	16509	AMAZON-02US	false
67.199.248.12	unknown	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1299617
Start date and time:	2023-08-29 17:11:55 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://sforce.co/lockdownWindows
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	39
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean4.win@51/188@0/48

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Skipping network analysis since amount of network traffic is too extensive
Timeout during stream target processing, analysis might miss dynamic analysis data
VT rate limit hit for: https://sforce.co/lockdownWindows

Created / dropped Files

C:\Program Files (x86)\InstallShield Installation Information\{00D779A4-92E4-404A-A502-045E1D6E3C34}\setup.ilg (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	270848
Entropy (8bit):	2.757966736730635
Encrypted:	false
SSDEEP:
MD5:	14CD9C8EBC929721C02C7103FE062165
SHA1:	E9768355330B804D7D351E1A30763E8E97D014C3
SHA-256:	5B68A65CB05E96EFCE249137C4FF950667CB0E0B8471778B1694823502A94EB7
SHA-512:	C2B1B1A8AFAB54AF0EB33ECB3D5908735EEFAAA6F8C0229EF531A1B16318A646840B89F9FA54DD33B2CFF66297D4FF3F0F98D08B4F227149895E7939BF3A9C50
Malicious:	false
Reputation:	low
Preview:	......................>.......................................................{.......................................................................................................................................................................................................................................................................................................................................................................................................................................................!..............................................................................................................."... ...)...^...#...$...%...&...'...(...6...7...+...,...-......./...0...1...2...3...4...5.......8...T...9...:...;...<...=...>...?...@...A...\...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...U...[...V...W...X...Y...Z...n...]..._...`.......m...a.......c...d...e...f...g...h...i...j...k...l.......s...o...p...q...r...t...z...u...v...w...x...y...\|...

C:\Program Files (x86)\InstallShield Installation Information\{00D779A4-92E4-404A-A502-045E1D6E3C34}\setup.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2876
Entropy (8bit):	3.7318566612983046
Encrypted:	false
SSDEEP:
MD5:	FC70C6D6EB1B7C9EB415A22FC81F16F2
SHA1:	40A60E21499A6F07E2B872584D9A627A82AC1DD2
SHA-256:	AA6839801563AD7319D58A9A37A8D5BDC449BA3AE2E3447AF365D107B5B94084
SHA-512:	FAB4ED288C7DAF2808E79C7309572AABDE84A20361F934DD5B8FB94EBBD7130C426E882C9169AE317693734D2D47E515E32AD7042B48629B5334C0AD06E1B934
Malicious:	false
Reputation:	low
Preview:	..[.S.t.a.r.t.u.p.].....E.n.a.b.l.e.L.a.n.g.D.l.g.=.Y.....P.r.o.d.u.c.t.=.R.e.s.p.o.n.d.u.s. .L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M.....P.r.o.d.u.c.t.G.U.I.D.=.0.0.D.7.7.9.A.4.-.9.2.E.4.-.4.0.4.A.-.A.5.0.2.-.0.4.5.E.1.D.6.E.3.C.3.4.....C.o.m.p.a.n.y.N.a.m.e.=.R.e.s.p.o.n.d.u.s.....C.o.m.p.a.n.y.U.R.L.=.h.t.t.p.:././.w.w.w...R.e.s.p.o.n.d.u.s...c.o.m.....E.r.r.o.r.R.e.p.o.r.t.U.R.L.=.h.t.t.p.:././.w.w.w...i.n.s.t.a.l.l.s.h.i.e.l.d...c.o.m./.i.s.e.t.u.p./.P.r.o.E.r.r.o.r.C.e.n.t.r.a.l...a.s.p.?.E.r.r.o.r.C.o.d.e.=.%.d. .:. .0.x.%.x.&.E.r.r.o.r.I.n.f.o.=.%.s.....M.e.d.i.a.F.o.r.m.a.t.=.1.....L.o.g.M.o.d.e.=.1.....S.m.a.l.l.P.r.o.g.r.e.s.s.=.N.....S.p.l.a.s.h.T.i.m.e.=.....C.h.e.c.k.M.D.5.=.Y.....C.m.d.L.i.n.e.=.....S.h.o.w.P.a.s.s.w.o.r.d.D.i.a.l.o.g.=.N.....S.c.r.i.p.t.D.r.i.v.e.n.=.4.....S.o.u.r.c.e.=.0.....A.l.l.U.s.e.r.s.=.1.....I.n.s.t.a.l.l.G.u.i.d.=.{.0.0.D.7.7.9.A.4.-.9.2.E.4.-.4.0.4.A.-.A.5.0.2.-.0.4.5.E.1.D.6.E.3.C.3.4.}.........[.L.a.n.g.u.a.g.e.s.].....D.e.f.a.u.l.t.=.0.x.0.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Ldb83D8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	186952
Entropy (8bit):	6.739443052619828
Encrypted:	false
SSDEEP:
MD5:	D46BBCCB10AFAB1F4315F6B81EE5AC53
SHA1:	E63051005B051EA32BF5CCF8FC3BF84BF2739B7A
SHA-256:	A364C12AB27F12052B688516DBD1E49CBE453F5B0B090B7439D419BBFA167695
SHA-512:	FC6B98F6B3D902DC581528EB74CE5F8395D101A2DEC506A431B6DA3711EE30330A934EC4B01AA0541DA95AF013951B0DA5AE1FBDF8972C7883D2A4BEBA7B4EE7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........SA...A...A...2..K...2.....2..S.....`.@......R......\......S......G......@...2..J...A.........B.....X.@...A.0.@......@...RichA...........................PE..L.....[..........................................@.......................................@.................................tR..x........O..............H....`.......I..p............................J..@............................................text.............................. ..`.rdata.............................@..@.data...H....`.......P..............@....rsrc....O.......P...Z..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LdbRst10.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	186952
Entropy (8bit):	6.739443052619828
Encrypted:	false
SSDEEP:
MD5:	D46BBCCB10AFAB1F4315F6B81EE5AC53
SHA1:	E63051005B051EA32BF5CCF8FC3BF84BF2739B7A
SHA-256:	A364C12AB27F12052B688516DBD1E49CBE453F5B0B090B7439D419BBFA167695
SHA-512:	FC6B98F6B3D902DC581528EB74CE5F8395D101A2DEC506A431B6DA3711EE30330A934EC4B01AA0541DA95AF013951B0DA5AE1FBDF8972C7883D2A4BEBA7B4EE7
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........SA...A...A...2..K...2.....2..S.....`.@......R......\......S......G......@...2..J...A.........B.....X.@...A.0.@......@...RichA...........................PE..L.....[..........................................@.......................................@.................................tR..x........O..............H....`.......I..p............................J..@............................................text.............................. ..`.rdata.............................@..@.data...H....`.......P..............@....rsrc....O.......P...Z..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc808B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12044512
Entropy (8bit):	6.374492968485288
Encrypted:	false
SSDEEP:
MD5:	FC4E6596C23C772A1AEBF8438F2517FA
SHA1:	1F26C8A00646A767796F43ADCB4EC45128DF9409
SHA-256:	1C73BCC57D29E80DE49673C489514B4F8F17E42484FF494A96066991778CDD07
SHA-512:	AC84D56BBDDBBCBA88896C826FDDF18FADA79719122595E0B9FBAD793D5A8799E7A73D6D3ABEFEA40AF839DC0A72FF560749CEA07A039A966B51EA9E159A5F92
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......D.`.............K...-...K.............................^.................................K...$...K.......K...+..................................Rich............PE..L......d.........."....$.........."............@.....................................@...................................~.........h.f.............................T.............................................~.H............................text............................... ..`.rdata....... ......................@..@.data....X... ...F..................@....rsrc.....f.......f..X..............@..@.reloc........}......T}.............@..@.idata...4....~..4...^~.............@....text.....9...~...9...~............. ..`................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc83F8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	95968
Entropy (8bit):	6.5240953575254474
Encrypted:	false
SSDEEP:
MD5:	7728F56904AD294865D1B7AA4AA0145C
SHA1:	76F99D069B3750AA0A411F365FFFB98F9E58B01D
SHA-256:	B3F64A9AC8A5C8F5323B5FCAA965F04FEB1F18CB6F271D72E533084D1C429233
SHA-512:	AB3EBA3844D82E72E9DD81EDABC6C4BAA23668F6EFD51DDA6F5C01D47D73396782B5549E6E1104313180ACD8896771127C3737CD0D3B2E94B2436060AE78DF7F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.]1..3b..3b..3b.0c..3b.6c..3b.7c..3bZ.6c..3bZ.7c..3bZ.0c..3b.2c..3b..2b].3b.6c..3b.3c..3b..b..3b.1c..3bRich..3b........PE..L...{v.c...........!................d...............................................G.....@.........................`7......@8..<....p..X............H..........0...\,..T............................,..@............... ............................text............................... ..`.rdata...^.......`..................@..@.data........@.......(..............@....cldb........`.......2..............@....rsrc...X....p.......4..............@..@.reloc..0............8..............@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc8418.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 32x32, 8 bits/pixel
Category:	dropped
Size (bytes):	304278
Entropy (8bit):	4.842452719588112
Encrypted:	false
SSDEEP:
MD5:	FA2B411A6017825B0EA023C0F08B8A82
SHA1:	D612649ADE8CB9186426919E5CDF8DCA8E89E8B9
SHA-256:	116C5DF02F09F00BB50AA54B2D9A518F0EC40FFCDCE620DCA1006B7D50530A07
SHA-512:	E53FE8C99E31FC3F157E8A385748A0D53C3C5114A5A41C075DD15AA30E4FC3B3EAE713B7F98BA919BC3BE71A8EBDE7FAA5F6567D28F7DC86D811812A8B36DEEE
Malicious:	false
Reputation:	low
Preview:	...... ..........f... ..........N... .... .........00.... ..%......@@.... .(B..FB........ .( ..n...(... ...@....................................k...9O.'Te.bnc..r-... ..$...Y..^...f.Ks..\.......................................y..............wg..............eUh..............4...........................................2#.............0.......................................... .........{..............{......<...z..............w........2.....wz..............wz..............w..............z......33.333..G.......33#"B2..z..........wwu.........H...wd..........................H...M..............H.........................................................................................................?....................................................................................?..............................?.....(... ...@............................................k...8L..=Q."6N.!:R..@R..MK.4MF.6RJ.#JX.8HR.7SV..Gc..L`..Lo..Xt.'Ih.4Sh.#Zw.%^y..a{.@YK.kdA.ulG.wpQ.A_

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowser.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	95968
Entropy (8bit):	6.5240953575254474
Encrypted:	false
SSDEEP:
MD5:	7728F56904AD294865D1B7AA4AA0145C
SHA1:	76F99D069B3750AA0A411F365FFFB98F9E58B01D
SHA-256:	B3F64A9AC8A5C8F5323B5FCAA965F04FEB1F18CB6F271D72E533084D1C429233
SHA-512:	AB3EBA3844D82E72E9DD81EDABC6C4BAA23668F6EFD51DDA6F5C01D47D73396782B5549E6E1104313180ACD8896771127C3737CD0D3B2E94B2436060AE78DF7F
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.]1..3b..3b..3b.0c..3b.6c..3b.7c..3bZ.6c..3bZ.7c..3bZ.0c..3b.2c..3b..2b].3b.6c..3b.3c..3b..b..3b.1c..3bRich..3b........PE..L...{v.c...........!................d...............................................G.....@.........................`7......@8..<....p..X............H..........0...\,..T............................,..@............... ............................text............................... ..`.rdata...^.......`..................@..@.data........@.......(..............@....cldb........`.......2..............@....rsrc...X....p.......4..............@..@.reloc..0............8..............@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowser.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 32x32, 8 bits/pixel
Category:	dropped
Size (bytes):	304278
Entropy (8bit):	4.842452719588112
Encrypted:	false
SSDEEP:
MD5:	FA2B411A6017825B0EA023C0F08B8A82
SHA1:	D612649ADE8CB9186426919E5CDF8DCA8E89E8B9
SHA-256:	116C5DF02F09F00BB50AA54B2D9A518F0EC40FFCDCE620DCA1006B7D50530A07
SHA-512:	E53FE8C99E31FC3F157E8A385748A0D53C3C5114A5A41C075DD15AA30E4FC3B3EAE713B7F98BA919BC3BE71A8EBDE7FAA5F6567D28F7DC86D811812A8B36DEEE
Malicious:	false
Reputation:	low
Preview:	...... ..........f... ..........N... .... .........00.... ..%......@@.... .(B..FB........ .( ..n...(... ...@....................................k...9O.'Te.bnc..r-... ..$...Y..^...f.Ks..\.......................................y..............wg..............eUh..............4...........................................2#.............0.......................................... .........{..............{......<...z..............w........2.....wz..............wz..............w..............z......33.333..G.......33#"B2..z..........wwu.........H...wd..........................H...M..............H.........................................................................................................?....................................................................................?..............................?.....(... ...@............................................k...8L..=Q."6N.!:R..@R..MK.4MF.6RJ.#JX.8HR.7SV..Gc..L`..Lo..Xt.'Ih.4Sh.#Zw.%^y..a{.@YK.kdA.ulG.wpQ.A_

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12044512
Entropy (8bit):	6.374492968485288
Encrypted:	false
SSDEEP:
MD5:	FC4E6596C23C772A1AEBF8438F2517FA
SHA1:	1F26C8A00646A767796F43ADCB4EC45128DF9409
SHA-256:	1C73BCC57D29E80DE49673C489514B4F8F17E42484FF494A96066991778CDD07
SHA-512:	AC84D56BBDDBBCBA88896C826FDDF18FADA79719122595E0B9FBAD793D5A8799E7A73D6D3ABEFEA40AF839DC0A72FF560749CEA07A039A966B51EA9E159A5F92
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......D.`.............K...-...K.............................^.................................K...$...K.......K...+..................................Rich............PE..L......d.........."....$.........."............@.....................................@...................................~.........h.f.............................T.............................................~.H............................text............................... ..`.rdata....... ......................@..@.data....X... ...F..................@....rsrc.....f.......f..X..............@..@.reloc........}......T}.............@..@.idata...4....~..4...^~.............@....text.....9...~...9...~............. ..`................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr8458.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	613679
Entropy (8bit):	7.962904630323119
Encrypted:	false
SSDEEP:
MD5:	F2E616EC8A31FEB2DCCAFF8B1E97A6D0
SHA1:	29E1B96F8C20F1219FEB071DD03010BB9C4DF3E4
SHA-256:	FE72B1C4031D5578EAA3455D560FF6EC666CC44B4D4CC8FBA6D55E1069AE115D
SHA-512:	EACBD878E897FC2C93DF4A09291737F91A98B3FC4A3361B7BDC98C7B647DF4AF9362E3BA6217FAFA19EE0F158004F919CAD24CC2D578469B4B6107610167E22C
Malicious:	false
Reputation:	low
Preview:	........n.+...R.....v...............!.....#.x...$.....&.t...).....:......33....3.....3.....3t....3....3H....3.....3.....3^....3....3.....3q....3....3&....3.....3....32....3.....3....3.....3.....3.....3....3S....3N....3[....3.....3.....3.....3.....3.....3-....3.....3.....3L....3.....3.....3.....3X....3%....3.....35....3.....3/....3m....3.....3.....3O....3~....3.....3.#...3.7...3.8...3.;...3.=...3.@...3.I...3LQ...3.W...3.\...33b...3.g...3.m...3.r...3.x...30....3.....3.....4....4.....4>....4<....4....4....4.....4H....4.....4.....4.....4e....4.....4;....4.....4.....4.,...47F...4.i...4h~...4A....4.....4]....4.....4.....4[....4M-...4.A...4xZ...4%f...4Su...4.... 4...!4...."4...#4I...$4....%4....&4....'4....(4}...)4....4....+4z!..,4.+..04./..14c4..24.9..34.J..44.\..54.o..64s...74v...84...94....:4....;4....<4n...=4[...>4....?4....@4....A4k...G4P...H4S ..I4T...J4./..Z4h/..[4[3..\4.9..]4.?..^4.E.._4.K..`4.Q..a4WV..b4.\..c4Eb..d4....e4....f4...h4...i4....j4f....7:...bR...cR...dR'.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr8497.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	918658
Entropy (8bit):	7.947805326601068
Encrypted:	false
SSDEEP:
MD5:	9C3CCB007CCF7D8F0FAFEF578ADCC479
SHA1:	E139BE515276A843609B88A651DD98A0253DC507
SHA-256:	19E947A23E83985D78FFA1A9E0B38CA57C5E959C4952325FCB0637AF08BCBD14
SHA-512:	1E952D25A194B8CA0FEF34C9460503FEE644B4881E20DE5DC72FCE259CE2904D51B2316D580C154052D24EDDD4665D2EFFDD18AD2A3242ABBBDC269E60754846
Malicious:	false
Reputation:	low
Preview:	........n.+...R...........Q.........!.b!..#.-"..$.."..&..#..)..$..:..%...3{'...3.....3j....3.....3V....3....30....3.....3.....3y....3....3=....3.....3.....3v....3....3:....3.....3.....3....3.....3....3Q....37....3.....3.....3.....3I0...3.0...3:2...3.9...3J:...3.<...3.>...3M@...3.B...3PE...3.J...3.O...3zP...3.[...3.e...3Zf...3.g...3.h...3.i...3ii...3.\|...3,....3.....3l....3.....3C....3.....3.....3.....3.....3n....3$....3.=...3ZM...3.\...3.l...3.{...3.....3.....3.....3.....4.....4.....4Q....43....4.+...4\H...4.^...4.x...4.....4....4.....4]....4.....4.....4.....4.....4.3...4tM...4.p...4.....4.....4.....4.....4.....46....4.....4.4...4sI...49b...4.m...4,}...4.... 4....!4...."4....#4^...$4....%4....&4....'4\...(4....)4....*4h...+4.)..,4:4..04.<..14.D..24.M..34yt..44....54G...64....74....84c4..94.\..:4R...;4[...<4....=4....>4....?4S...@4....A4....G4\|...H4.7..I4=Q..J4.T..Z4.T..[4e]..\4.h..]4.t..^4z..._4h...`4....a4....b4....c4...d4....e4....f4....h4.%..i4.2..j4.>...7.W..bR.d..cR.i..dR.m

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr84F6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1106432
Entropy (8bit):	6.425542641796844
Encrypted:	false
SSDEEP:
MD5:	411466D630E0F5F8C1B18AF69534FAE7
SHA1:	91924C45F2AF47A15D496BDA9B3E876815855BCA
SHA-256:	B593FC3B52907B47D5244049353F18597D93DDCE9E89670ADDDC3DD68B261DA8
SHA-512:	A040B133AAD27C4324DBDF5DC19C07CBE4EA501E320C04EE55DF06F59D0398BE9658AA1B87F0AD8A2C42919EB75721EE7A5CD0C74E6CFB1E2FBE147DEA676851
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.................f.......................................P............@A.........................U......zY..<...............................@....>......................`=...... ...............`\......LQ.......................text...?........................... ..`.rdata..l...........................@..@.data...............................@....00cfg.......p.......H..............@..@.crthunk@............J..............@..@.tls.................L..............@...CPADinfo(............N..............@....rsrc................P..............@..@.reloc..@............X..............@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_100_percent.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	613679
Entropy (8bit):	7.962904630323119
Encrypted:	false
SSDEEP:
MD5:	F2E616EC8A31FEB2DCCAFF8B1E97A6D0
SHA1:	29E1B96F8C20F1219FEB071DD03010BB9C4DF3E4
SHA-256:	FE72B1C4031D5578EAA3455D560FF6EC666CC44B4D4CC8FBA6D55E1069AE115D
SHA-512:	EACBD878E897FC2C93DF4A09291737F91A98B3FC4A3361B7BDC98C7B647DF4AF9362E3BA6217FAFA19EE0F158004F919CAD24CC2D578469B4B6107610167E22C
Malicious:	false
Reputation:	low
Preview:	........n.+...R.....v...............!.....#.x...$.....&.t...).....:......33....3.....3.....3t....3....3H....3.....3.....3^....3....3.....3q....3....3&....3.....3....32....3.....3....3.....3.....3.....3....3S....3N....3[....3.....3.....3.....3.....3.....3-....3.....3.....3L....3.....3.....3.....3X....3%....3.....35....3.....3/....3m....3.....3.....3O....3~....3.....3.#...3.7...3.8...3.;...3.=...3.@...3.I...3LQ...3.W...3.\...33b...3.g...3.m...3.r...3.x...30....3.....3.....4....4.....4>....4<....4....4....4.....4H....4.....4.....4.....4e....4.....4;....4.....4.....4.,...47F...4.i...4h~...4A....4.....4]....4.....4.....4[....4M-...4.A...4xZ...4%f...4Su...4.... 4...!4...."4...#4I...$4....%4....&4....'4....(4}...)4....4....+4z!..,4.+..04./..14c4..24.9..34.J..44.\..54.o..64s...74v...84...94....:4....;4....<4n...=4[...>4....?4....@4....A4k...G4P...H4S ..I4T...J4./..Z4h/..[4[3..\4.9..]4.?..^4.E.._4.K..`4.Q..a4WV..b4.\..c4Eb..d4....e4....f4...h4...i4....j4f....7:...bR...cR...dR'.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_200_percent.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	918658
Entropy (8bit):	7.947805326601068
Encrypted:	false
SSDEEP:
MD5:	9C3CCB007CCF7D8F0FAFEF578ADCC479
SHA1:	E139BE515276A843609B88A651DD98A0253DC507
SHA-256:	19E947A23E83985D78FFA1A9E0B38CA57C5E959C4952325FCB0637AF08BCBD14
SHA-512:	1E952D25A194B8CA0FEF34C9460503FEE644B4881E20DE5DC72FCE259CE2904D51B2316D580C154052D24EDDD4665D2EFFDD18AD2A3242ABBBDC269E60754846
Malicious:	false
Reputation:	low
Preview:	........n.+...R...........Q.........!.b!..#.-"..$.."..&..#..)..$..:..%...3{'...3.....3j....3.....3V....3....30....3.....3.....3y....3....3=....3.....3.....3v....3....3:....3.....3.....3....3.....3....3Q....37....3.....3.....3.....3I0...3.0...3:2...3.9...3J:...3.<...3.>...3M@...3.B...3PE...3.J...3.O...3zP...3.[...3.e...3Zf...3.g...3.h...3.i...3ii...3.\|...3,....3.....3l....3.....3C....3.....3.....3.....3.....3n....3$....3.=...3ZM...3.\...3.l...3.{...3.....3.....3.....3.....4.....4.....4Q....43....4.+...4\H...4.^...4.x...4.....4....4.....4]....4.....4.....4.....4.....4.3...4tM...4.p...4.....4.....4.....4.....4.....46....4.....4.4...4sI...49b...4.m...4,}...4.... 4....!4...."4....#4^...$4....%4....&4....'4\...(4....)4....*4h...+4.)..,4:4..04.<..14.D..24.M..34yt..44....54G...64....74....84c4..94.\..:4R...;4[...<4....=4....>4....?4S...@4....A4....G4\|...H4.7..I4=Q..J4.T..Z4.T..[4e]..\4.h..]4.t..^4z..._4h...`4....a4....b4....c4...d4....e4....f4....h4.%..i4.2..j4.>...7.W..bR.d..cR.i..dR.m

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_elf.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1106432
Entropy (8bit):	6.425542641796844
Encrypted:	false
SSDEEP:
MD5:	411466D630E0F5F8C1B18AF69534FAE7
SHA1:	91924C45F2AF47A15D496BDA9B3E876815855BCA
SHA-256:	B593FC3B52907B47D5244049353F18597D93DDCE9E89670ADDDC3DD68B261DA8
SHA-512:	A040B133AAD27C4324DBDF5DC19C07CBE4EA501E320C04EE55DF06F59D0398BE9658AA1B87F0AD8A2C42919EB75721EE7A5CD0C74E6CFB1E2FBE147DEA676851
Malicious:	false
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.................f.......................................P............@A.........................U......zY..<...............................@....>......................`=...... ...............`\......LQ.......................text...?........................... ..`.rdata..l...........................@..@.data...............................@....00cfg.......p.......H..............@..@.crthunk@............J..............@..@.tls.................L..............@...CPADinfo(............N..............@....rsrc................P..............@..@.reloc..@............X..............@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3d8555.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4108752
Entropy (8bit):	6.573320943386361
Encrypted:	false
SSDEEP:
MD5:	E1677EC0E21E27405E65E31419980348
SHA1:	666DE481C46E2C21B8F0DECC7E9115FC61D28ACD
SHA-256:	C2C7CA6505AD10826E6B92319CE7AA355392B0CBD092A0FB8D4381C2D31268BF
SHA-512:	31EA9E22A2DE873AD71C56386B45F510CC89B63EFF5526F75A9DE7987C65E91BFF9AE141CB47B49B986992A53D9A6E73FA3199A04F0BDE665D4928112FD13070
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f.."..."..."...... ...".......+...'...............#....q.#......c.............#..................s.#......#...Rich"...................PE..L...,u.n...........!......;..(........-.......<..............................@?......?...@A..........................;.u....2=.P....@=.@.............>..!...P=.P.......T...................\|u..........@............0=..............................text.....;.......;................. ..`.data...@"....<.......;.............@....idata.......0=.......<.............@..@.rsrc...@....@=.......<.............@..@.reloc..P....P=.......<.............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3dcompiler_47.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4108752
Entropy (8bit):	6.573320943386361
Encrypted:	false
SSDEEP:
MD5:	E1677EC0E21E27405E65E31419980348
SHA1:	666DE481C46E2C21B8F0DECC7E9115FC61D28ACD
SHA-256:	C2C7CA6505AD10826E6B92319CE7AA355392B0CBD092A0FB8D4381C2D31268BF
SHA-512:	31EA9E22A2DE873AD71C56386B45F510CC89B63EFF5526F75A9DE7987C65E91BFF9AE141CB47B49B986992A53D9A6E73FA3199A04F0BDE665D4928112FD13070
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f.."..."..."...... ...".......+...'...............#....q.#......c.............#..................s.#......#...Rich"...................PE..L...,u.n...........!......;..(........-.......<..............................@?......?...@A..........................;.u....2=.P....@=.@.............>..!...P=.P.......T...................\|u..........@............0=..............................text.....;.......;................. ..`.data...@"....<.......;.............@....idata.......0=.......<.............@..@.rsrc...@....@=.......<.............@..@.reloc..P....P=.......<.............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\icu867F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	10544880
Entropy (8bit):	6.276833777601164
Encrypted:	false
SSDEEP:
MD5:	2134E5DBC46FB1C46EAC0FE1AF710EC3
SHA1:	DBECF2D193AE575ABA4217194D4136BD9291D4DB
SHA-256:	EE3C8883EFFD90EDFB0FF5B758C560CBCA25D1598FCB55B80EF67E990DD19D41
SHA-512:	B9B50614D9BAEBF6378E5164D70BE7FE7EF3051CFFF38733FE3C7448C5DE292754BBBB8DA833E26115A185945BE419BE8DD1030FC230ED69F388479853BC0FCB
Malicious:	false
Reputation:	low
Preview:	...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@'..H..`.(..H...e).7H..0.).VH...).xH......H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..

C:\Program Files (x86)\Respondus\LockDown Browser OEM\icudtl.dat (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	10544880
Entropy (8bit):	6.276833777601164
Encrypted:	false
SSDEEP:
MD5:	2134E5DBC46FB1C46EAC0FE1AF710EC3
SHA1:	DBECF2D193AE575ABA4217194D4136BD9291D4DB
SHA-256:	EE3C8883EFFD90EDFB0FF5B758C560CBCA25D1598FCB55B80EF67E990DD19D41
SHA-512:	B9B50614D9BAEBF6378E5164D70BE7FE7EF3051CFFF38733FE3C7448C5DE292754BBBB8DA833E26115A185945BE419BE8DD1030FC230ED69F388479853BC0FCB
Malicious:	false
Reputation:	low
Preview:	...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@'..H..`.(..H...e).7H..0.).VH...).xH......H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..

C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib895E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	375296
Entropy (8bit):	6.582068529366666
Encrypted:	false
SSDEEP:
MD5:	E0BF22BA9B186E1FBCA22981F90DD52B
SHA1:	36348EFD00A6618F5CA4BAB9D29CA56DDEFBF4D7
SHA-256:	BED14C82028C50E36052D34BCEC98609C15F446C7CDE9DEC72F1CB620D0A176D
SHA-512:	EC0F24A3A6F92F6E38E212B36D6D83EFCB2E1086E86B93E96F3707FA3E1F24C7952673E4F41D24DAD284F3E10A05F46E948DAFC0BD81634347BAA097DDDB6AE9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....T...b............................................... ............@A.........................,.......:..(.......x........................>..........................$........p...............;..`............................text..."S.......T.................. ..`.rdata.......p.......X..............@..@.data....3...p.......T..............@....00cfg...............p..............@..@.tls.................r..............@....rsrc...x............t..............@..@.reloc...>.......@...z..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib899E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6605824
Entropy (8bit):	6.812211731740797
Encrypted:	false
SSDEEP:
MD5:	F32150B43A61D62FE035CF4905B11A98
SHA1:	858A506E1F249DFEF75EDAAD194C2051386A557E
SHA-256:	C440B5520087010742853F404D815B4CE217608227C4C54CA2127CBADED3336D
SHA-512:	602EA34A503B492EAE05AFA159612CC6483C0317AA730FA9F908525E6B5E55DC786F4031E2DB0AEBEA8B57FA536A60C918D2AF4F7EA939AD912EBCD5874B0C7B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!......L...........@.......................................e...........@A........................Qv]......l^.d....`a......................pa.<.....].......................].....P.L.............\|o^.8....u].@....................text.....L.......L................. ..`.rdata........L.......L.............@..@.data........^..*....^.............@....00cfg.......@a.......`.............@..@.tls.........Pa.......`.............@....rsrc........`a.......`.............@..@.reloc..<....pa.......`.............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib8B54.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	168004096
Entropy (8bit):	7.016021661003679
Encrypted:	false
SSDEEP:
MD5:	02C8EA486816ACCEE79D6C84D6F46C94
SHA1:	35ECEB3B9D0EE3844BA08313F2D90E5E8015B99A
SHA-256:	E5DC68F52594023BE3676842405CF0371C06822584B7DEB08F99E3589D24CF5C
SHA-512:	D5A6B511FA0960C8B3E25A2A18C0F88222E26AEACA5F9645289F4FA9C1E20ED403AF01E60C6B92D437F42B45CBA44E9CFEC04D3762232FCD58E41886EDCCB436
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....Nw..(..............................................p+...........@A........................R............... ..0C...................p....T.................................rw.............h.......... ....................text....Lw......Nw................. ..`.rdata...?-..`w..@-..Rw.............@..@.data...."/.........................@....00cfg...............4..............@..@.rodata.`............6.............. ..`.tls.................@..............@...CPADinfo(............B..............@...malloc_hL............D.............. ..`.rsrc...0C... ...D...J..............@..@.reloc....T..p....T.................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\libEGL.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	375296
Entropy (8bit):	6.582068529366666
Encrypted:	false
SSDEEP:
MD5:	E0BF22BA9B186E1FBCA22981F90DD52B
SHA1:	36348EFD00A6618F5CA4BAB9D29CA56DDEFBF4D7
SHA-256:	BED14C82028C50E36052D34BCEC98609C15F446C7CDE9DEC72F1CB620D0A176D
SHA-512:	EC0F24A3A6F92F6E38E212B36D6D83EFCB2E1086E86B93E96F3707FA3E1F24C7952673E4F41D24DAD284F3E10A05F46E948DAFC0BD81634347BAA097DDDB6AE9
Malicious:	false
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....T...b............................................... ............@A.........................,.......:..(.......x........................>..........................$........p...............;..`............................text..."S.......T.................. ..`.rdata.......p.......X..............@..@.data....3...p.......T..............@....00cfg...............p..............@..@.tls.................r..............@....rsrc...x............t..............@..@.reloc...>.......@...z..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\libGLESv2.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6605824
Entropy (8bit):	6.812211731740797
Encrypted:	false
SSDEEP:
MD5:	F32150B43A61D62FE035CF4905B11A98
SHA1:	858A506E1F249DFEF75EDAAD194C2051386A557E
SHA-256:	C440B5520087010742853F404D815B4CE217608227C4C54CA2127CBADED3336D
SHA-512:	602EA34A503B492EAE05AFA159612CC6483C0317AA730FA9F908525E6B5E55DC786F4031E2DB0AEBEA8B57FA536A60C918D2AF4F7EA939AD912EBCD5874B0C7B
Malicious:	false
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!......L...........@.......................................e...........@A........................Qv]......l^.d....`a......................pa.<.....].......................].....P.L.............\|o^.8....u].@....................text.....L.......L................. ..`.rdata........L.......L.............@..@.data........^..*....^.............@....00cfg.......@a.......`.............@..@.tls.........Pa.......`.............@....rsrc........`a.......`.............@..@.reloc..<....pa.......`.............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\libcef.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	168004096
Entropy (8bit):	7.016021661003679
Encrypted:	false
SSDEEP:
MD5:	02C8EA486816ACCEE79D6C84D6F46C94
SHA1:	35ECEB3B9D0EE3844BA08313F2D90E5E8015B99A
SHA-256:	E5DC68F52594023BE3676842405CF0371C06822584B7DEB08F99E3589D24CF5C
SHA-512:	D5A6B511FA0960C8B3E25A2A18C0F88222E26AEACA5F9645289F4FA9C1E20ED403AF01E60C6B92D437F42B45CBA44E9CFEC04D3762232FCD58E41886EDCCB436
Malicious:	false
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....Nw..(..............................................p+...........@A........................R............... ..0C...................p....T.................................rw.............h.......... ....................text....Lw......Nw................. ..`.rdata...?-..`w..@-..Rw.............@..@.data...."/.........................@....00cfg...............4..............@..@.rodata.`............6.............. ..`.tls.................@..............@...CPADinfo(............B..............@...malloc_hL............D.............. ..`.rsrc...0C... ...D...J..............@..@.reloc....T..p....T.................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\am.7104.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	677170
Entropy (8bit):	4.921912780619905
Encrypted:	false
SSDEEP:
MD5:	675ED41DE0192E755B58CF5EDFCCD673
SHA1:	3B31C31A03F4EDB583EC1B329D6884F78047AF45
SHA-256:	A45B6933D27F7030B2F2675829DBC77974250802CC176CC2C3890E9E925B748D
SHA-512:	279DB87FAC5FC14203ADF33757CC585A1E9A3E3552D6AEA771032D429B9BAB7A095105E63F4CCF13A661EE45F06C22E4BA4F2A18384FB74D914B0A25EEDFECCF
Malicious:	false
Reputation:	low
Preview:	........K ..e.....h.....i.....j.....k."...l.-...n.5...o.:...p.G...r.M...s.^...t.g...v.\|...w.....y.....z.....\|.....}.........................................................................#.....?.....U.......................2.....\.....o.....w.................:.....<.....@.....h........................................./.....l.........................................+.....M.....c................................... .....&.....).....8.....a.............................I.....{.........................................................../.....h.............................W.....}.........................................B.....t...............................................&...../.....K.....R.....i.................].....j.......................6.....F.....c.....l.....{...................................b.......................@.....e.....k.....s........................... .....".....%.>...(.k...*.....+.....,.....-.........../.....0.8...1.....3.....4.....5.....6.....7.....8.....9.....;.....<.%.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\am.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	677170
Entropy (8bit):	4.921912780619905
Encrypted:	false
SSDEEP:
MD5:	675ED41DE0192E755B58CF5EDFCCD673
SHA1:	3B31C31A03F4EDB583EC1B329D6884F78047AF45
SHA-256:	A45B6933D27F7030B2F2675829DBC77974250802CC176CC2C3890E9E925B748D
SHA-512:	279DB87FAC5FC14203ADF33757CC585A1E9A3E3552D6AEA771032D429B9BAB7A095105E63F4CCF13A661EE45F06C22E4BA4F2A18384FB74D914B0A25EEDFECCF
Malicious:	false
Reputation:	low
Preview:	........K ..e.....h.....i.....j.....k."...l.-...n.5...o.:...p.G...r.M...s.^...t.g...v.\|...w.....y.....z.....\|.....}.........................................................................#.....?.....U.......................2.....\.....o.....w.................:.....<.....@.....h........................................./.....l.........................................+.....M.....c................................... .....&.....).....8.....a.............................I.....{.........................................................../.....h.............................W.....}.........................................B.....t...............................................&...../.....K.....R.....i.................].....j.......................6.....F.....c.....l.....{...................................b.......................@.....e.....k.....s........................... .....".....%.>...(.k...*.....+.....,.....-.........../.....0.8...1.....3.....4.....5.....6.....7.....8.....9.....;.....<.%.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ar.7153.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	744296
Entropy (8bit):	4.933175307731013
Encrypted:	false
SSDEEP:
MD5:	82A2A25EFC1D525785D2D0FA79A408E6
SHA1:	70C30CC634A5CCB73BCFAADE8056D96085502706
SHA-256:	485805F0EC821CBFD54E95FAC394F65DD8D48B5EFFA2527AF13BA1ED97F86B6D
SHA-512:	86E4ACDC354EAB1D53981B14483042F35154CAE322A260E60E9810CF9F9C2C98EC2E8436F8F8830D7259F9B6DDE2BD66DBFE91352E167555EFB4A2A66E6DBFAD
Malicious:	false
Reputation:	low
Preview:	......... @.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.4...}.F.....N.....S.....[.....c.....k.....r.....y.........................................4.....D...................................8.........................................;.....E.....\.....o...................................7.....P.....T.....^.....s.......................$.....,.....?.....V.....q.....{...................................@.....i.........................................0.....C.....v............................. .....N.....p.............................9.....S.....~...............................................%.....(.....2.....<.....J.....Q.....g.................Y.....l.......................^.....w.........................................3.....R.............................].....\|....................................... .....".....%.H...(.....*.....+.....,.....-.......N.../.....0.....1.....3.....4.....5.-...6.....7.....8.....9.....;.....<.;...=.Q...>.....?...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ar.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	744296
Entropy (8bit):	4.933175307731013
Encrypted:	false
SSDEEP:
MD5:	82A2A25EFC1D525785D2D0FA79A408E6
SHA1:	70C30CC634A5CCB73BCFAADE8056D96085502706
SHA-256:	485805F0EC821CBFD54E95FAC394F65DD8D48B5EFFA2527AF13BA1ED97F86B6D
SHA-512:	86E4ACDC354EAB1D53981B14483042F35154CAE322A260E60E9810CF9F9C2C98EC2E8436F8F8830D7259F9B6DDE2BD66DBFE91352E167555EFB4A2A66E6DBFAD
Malicious:	false
Reputation:	low
Preview:	......... @.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.4...}.F.....N.....S.....[.....c.....k.....r.....y.........................................4.....D...................................8.........................................;.....E.....\.....o...................................7.....P.....T.....^.....s.......................$.....,.....?.....V.....q.....{...................................@.....i.........................................0.....C.....v............................. .....N.....p.............................9.....S.....~...............................................%.....(.....2.....<.....J.....Q.....g.................Y.....l.......................^.....w.........................................3.....R.............................].....\|....................................... .....".....%.H...(.....*.....+.....,.....-.......N.../.....0.....1.....3.....4.....5.-...6.....7.....8.....9.....;.....<.;...=.Q...>.....?...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bg.71A3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	772855
Entropy (8bit):	4.6886599490986445
Encrypted:	false
SSDEEP:
MD5:	BB60FCFC9E15074B574BC1FC29862E0B
SHA1:	42520C2B120B666119BEBECB81CEEA0FFF424A14
SHA-256:	5B0B31D04A6D9ADAED9072CEFBCC3375F77C641C15DD76C1629AB9B7EC741AE1
SHA-512:	BFA026312ED705E90CC94A5D59D2ECAB6F6BE26F22BF20E9039FE3BC1EDC8924EDDD9A86069B98B013372AC592A1F435451E0B057E268696698A8E96AE976E08
Malicious:	false
Reputation:	low
Preview:	........= ..e.....h.....i.....j.....k.....l.....n.....o.....p.(...r.....s.?...t.H...v.]...w.j...y.p...z.....\|.....}.........................................................................$.....F....._.....\|.......................M.....Y.....c.................1.....3.....7....._.............................).....<.....L.............................2.....>.....H.....l.......................B.....L.....\.........................................5.....^.......................F.....t.........................................$.....:.....T.............................0...................................?.....x.....{.......................<.....m.....................................................'...........@.................g.......................#.....\.....{.............................2.....].................2.....s.......................&.....T..................... .....".....%.#...(.M...*.y...+.\|...,.....-.......4.../.b...0.k...1.....3.....4.-...5.b...6.....7.....8.0...9.T...;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bg.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	772855
Entropy (8bit):	4.6886599490986445
Encrypted:	false
SSDEEP:
MD5:	BB60FCFC9E15074B574BC1FC29862E0B
SHA1:	42520C2B120B666119BEBECB81CEEA0FFF424A14
SHA-256:	5B0B31D04A6D9ADAED9072CEFBCC3375F77C641C15DD76C1629AB9B7EC741AE1
SHA-512:	BFA026312ED705E90CC94A5D59D2ECAB6F6BE26F22BF20E9039FE3BC1EDC8924EDDD9A86069B98B013372AC592A1F435451E0B057E268696698A8E96AE976E08
Malicious:	false
Reputation:	low
Preview:	........= ..e.....h.....i.....j.....k.....l.....n.....o.....p.(...r.....s.?...t.H...v.]...w.j...y.p...z.....\|.....}.........................................................................$.....F....._.....\|.......................M.....Y.....c.................1.....3.....7....._.............................).....<.....L.............................2.....>.....H.....l.......................B.....L.....\.........................................5.....^.......................F.....t.........................................$.....:.....T.............................0...................................?.....x.....{.......................<.....m.....................................................'...........@.................g.......................#.....\.....{.............................2.....].................2.....s.......................&.....T..................... .....".....%.#...(.M...*.y...+.\|...,.....-.......4.../.b...0.k...1.....3.....4.-...5.b...6.....7.....8.0...9.T...;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bn.71E2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	996582
Entropy (8bit):	4.299808627742648
Encrypted:	false
SSDEEP:
MD5:	B6962F07A2A58F166BC62747639CE3B0
SHA1:	9DED6CCE3651B8A87646797FC67788EF9BE92168
SHA-256:	B27C585241D4747EFDF02A11F5D190D176C7A465664E8E7AE6B8FD8E05D37E05
SHA-512:	8D3F337676A740B081CD145E18006D2B6CD1252C09BF55DBF35355CC3C7D0B3DFFAB9F731C9518A51A20FF652C659F3EE3FB500ABB074C32E95DCA21AE0DD977
Malicious:	false
Reputation:	low
Preview:	........? ..e.....h.....i.....j.....k.....l.....n.#...o.)...p.6...r.<...s.M...t.V...v.k...w.x...y.~...z.....\|.....}...............................................................................................................................=.....I.................K.....M.....Q.....y.......................T.....}.......................>.....q.......................&.....H.....v.................^.....m...............................................j.................+.....k.........................................&.....B.......................q...............................................9.....k...................................\.............................................../.....F.....g......................B......................._.....{...................................9.................b.................L.................!.....@.....f..................... .....".....%.k...(..........,.....-.......k.../.....0.....1.5...3.U...4.....5.....6.....7.....8.....9.9...;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bn.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	996582
Entropy (8bit):	4.299808627742648
Encrypted:	false
SSDEEP:
MD5:	B6962F07A2A58F166BC62747639CE3B0
SHA1:	9DED6CCE3651B8A87646797FC67788EF9BE92168
SHA-256:	B27C585241D4747EFDF02A11F5D190D176C7A465664E8E7AE6B8FD8E05D37E05
SHA-512:	8D3F337676A740B081CD145E18006D2B6CD1252C09BF55DBF35355CC3C7D0B3DFFAB9F731C9518A51A20FF652C659F3EE3FB500ABB074C32E95DCA21AE0DD977
Malicious:	false
Reputation:	low
Preview:	........? ..e.....h.....i.....j.....k.....l.....n.#...o.)...p.6...r.<...s.M...t.V...v.k...w.x...y.~...z.....\|.....}...............................................................................................................................=.....I.................K.....M.....Q.....y.......................T.....}.......................>.....q.......................&.....H.....v.................^.....m...............................................j.................+.....k.........................................&.....B.......................q...............................................9.....k...................................\.............................................../.....F.....g......................B......................._.....{...................................9.................b.................L.................!.....@.....f..................... .....".....%.k...(..........,.....-.......k.../.....0.....1.5...3.U...4.....5.....6.....7.....8.....9.9...;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ca.7250.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	479296
Entropy (8bit):	5.368944514747832
Encrypted:	false
SSDEEP:
MD5:	2801822F80EC74C9E4EE95BD7DC850CF
SHA1:	71F956A99C63DED75AC7F777BDD499A2B2008BE0
SHA-256:	564C8C1D4939189BCC36CBB20C6C2B8E64938EED5BE747E1236C0F5C6BE7B278
SHA-512:	A12613C952BCD649A691FE64CB63AEE88E67316F1BEAD09D62129B2BF33F41E27943116ED1256572B3C72D62031EE72E7364FEDE001248BD7F0A7AB8163D9DAB
Malicious:	false
Reputation:	low
Preview:	........7 ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r."...s.3...t.<...v.Q...w.^...y.d...z.s...\|.y...}.....................................................................................%.....E.....R.........................................6.....T.....V.....Z...........................................................5.....E.....c.....~...............................................".....5.....E.....H.....K.....T.....h.....~.........................................$.....,.....3.....E.....T.....e.....{.........................................7.....X.....a.....r.....................................................%.....9.....@.....C.....D.....M.....V.....^.....d.....v.................<.....D...................................%..........4.....?.....D.....Z...................................&.....U.....n.....s.....}........................... .....".....%.....(.$....A...+.D...,.b...-.........../.....0.....1.....3.....4.=...5.Z...6.....7.....8.....9.....;.....<.....=.....>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ca.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	479296
Entropy (8bit):	5.368944514747832
Encrypted:	false
SSDEEP:
MD5:	2801822F80EC74C9E4EE95BD7DC850CF
SHA1:	71F956A99C63DED75AC7F777BDD499A2B2008BE0
SHA-256:	564C8C1D4939189BCC36CBB20C6C2B8E64938EED5BE747E1236C0F5C6BE7B278
SHA-512:	A12613C952BCD649A691FE64CB63AEE88E67316F1BEAD09D62129B2BF33F41E27943116ED1256572B3C72D62031EE72E7364FEDE001248BD7F0A7AB8163D9DAB
Malicious:	false
Reputation:	low
Preview:	........7 ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r."...s.3...t.<...v.Q...w.^...y.d...z.s...\|.y...}.....................................................................................%.....E.....R.........................................6.....T.....V.....Z...........................................................5.....E.....c.....~...............................................".....5.....E.....H.....K.....T.....h.....~.........................................$.....,.....3.....E.....T.....e.....{.........................................7.....X.....a.....r.....................................................%.....9.....@.....C.....D.....M.....V.....^.....d.....v.................<.....D...................................%..........4.....?.....D.....Z...................................&.....U.....n.....s.....}........................... .....".....%.....(.$....A...+.D...,.b...-.........../.....0.....1.....3.....4.=...5.Z...6.....7.....8.....9.....;.....<.....=.....>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\cs.7280.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	483906
Entropy (8bit):	5.818963673913974
Encrypted:	false
SSDEEP:
MD5:	13756155A8C5CA233CB3FE3E504D93A1
SHA1:	08055D86459EB3F52283D7432B08D9FFC58C8F13
SHA-256:	EA860E06D9DFB2A46278FD9E0083D2BE8089E370B8F4AB264E717F1EC7E7FCDA
SHA-512:	064BBF132EFB888DEDD7566B0984033F472B4FFA8B9224364A616C2019D846DF3FDB723A0E0D5479A42625D91562723823943A74ED59E8299D2A20747F82EA67
Malicious:	false
Reputation:	low
Preview:	........ 3.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.#...w.0...y.6...z.E...\|.K...}.].....e.....j.....r.....z.............................................................................`.....m.............................8.....M.....O.....S.....{............................................... .....<.....L.....e.....t.....z.....................................................$.....3.....9.....C.....J.....d.....y........................................................... .....0.....I....._.....j.....\|...................................1.....V.....\.....h.....t.............................................................................%.....2.....9.....D.....P.......................%.....u.........................................,.....5.....?.....U.....{.............................0.....e............................................. .....".....%.....(.1...*.N...+.Q...,.o...-.........../.....0.....1.....3.&...4.C...5.d...6.....7.....8.....9.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\cs.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	483906
Entropy (8bit):	5.818963673913974
Encrypted:	false
SSDEEP:
MD5:	13756155A8C5CA233CB3FE3E504D93A1
SHA1:	08055D86459EB3F52283D7432B08D9FFC58C8F13
SHA-256:	EA860E06D9DFB2A46278FD9E0083D2BE8089E370B8F4AB264E717F1EC7E7FCDA
SHA-512:	064BBF132EFB888DEDD7566B0984033F472B4FFA8B9224364A616C2019D846DF3FDB723A0E0D5479A42625D91562723823943A74ED59E8299D2A20747F82EA67
Malicious:	false
Reputation:	low
Preview:	........ 3.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.#...w.0...y.6...z.E...\|.K...}.].....e.....j.....r.....z.............................................................................`.....m.............................8.....M.....O.....S.....{............................................... .....<.....L.....e.....t.....z.....................................................$.....3.....9.....C.....J.....d.....y........................................................... .....0.....I....._.....j.....\|...................................1.....V.....\.....h.....t.............................................................................%.....2.....9.....D.....P.......................%.....u.........................................,.....5.....?.....U.....{.............................0.....e............................................. .....".....%.....(.1...*.N...+.Q...,.o...-.........../.....0.....1.....3.&...4.C...5.d...6.....7.....8.....9.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\da.72C0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	441451
Entropy (8bit):	5.424564392492449
Encrypted:	false
SSDEEP:
MD5:	02C2A0359AF6E5DDB10AE84FCCE0878F
SHA1:	A0C505A9BDC1730A727E375B5F4E96DF6ACC27BD
SHA-256:	9C1D4075D3D27256E826A3FEDC734621D990E13001772386937BCED53D9E53ED
SHA-512:	57A59274ADF4F09B6A279CAC98D7B5479B518EAE2F4369EC591E239D4B0CD817B5AD3DD20527A0EF66E8B4CD342ECCF6AD2F631DC7A747F58D4A48EBF3FDBDC1
Malicious:	false
Reputation:	low
Preview:	........F ..e.....h.....i.....j.....k.....l.)...n.1...o.6...p.C...r.I...s.Z...t.c...v.x...w.....y.....z.....\|.....}...............................................................................'.....7.....K.....S.........................................!.....:.....<.....@.....h.....}...........................................................,.....<.....B.....J.....Z.....~.................................................................$.....;.....R.....h...................................................................................N.....W.....x..........................................................."...../.....:.....N.....`.....t.....{.....~...............................................$.....b.....f...........................................................#.....1.....N.....e...................................3.....7.....@.....O.....b.....l.....{... .....".....%.....(.....*.....+.....,.....-.).....M.../.a...0.k...1.....3.....4.....5.....6.....7.....8.-...9.:...;.J...<.R...=.].

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\da.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	441451
Entropy (8bit):	5.424564392492449
Encrypted:	false
SSDEEP:
MD5:	02C2A0359AF6E5DDB10AE84FCCE0878F
SHA1:	A0C505A9BDC1730A727E375B5F4E96DF6ACC27BD
SHA-256:	9C1D4075D3D27256E826A3FEDC734621D990E13001772386937BCED53D9E53ED
SHA-512:	57A59274ADF4F09B6A279CAC98D7B5479B518EAE2F4369EC591E239D4B0CD817B5AD3DD20527A0EF66E8B4CD342ECCF6AD2F631DC7A747F58D4A48EBF3FDBDC1
Malicious:	false
Reputation:	low
Preview:	........F ..e.....h.....i.....j.....k.....l.)...n.1...o.6...p.C...r.I...s.Z...t.c...v.x...w.....y.....z.....\|.....}...............................................................................'.....7.....K.....S.........................................!.....:.....<.....@.....h.....}...........................................................,.....<.....B.....J.....Z.....~.................................................................$.....;.....R.....h...................................................................................N.....W.....x..........................................................."...../.....:.....N.....`.....t.....{.....~...............................................$.....b.....f...........................................................#.....1.....N.....e...................................3.....7.....@.....O.....b.....l.....{... .....".....%.....(.....*.....+.....,.....-.).....M.../.a...0.k...1.....3.....4.....5.....6.....7.....8.-...9.:...;.J...<.R...=.].

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\de.730F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	477657
Entropy (8bit):	5.463570615570038
Encrypted:	false
SSDEEP:
MD5:	8298294183F82E57C206C1E99EE25718
SHA1:	43577B11ED64CA903397810C19F0A5532AEE7342
SHA-256:	E6F81A9A41B9F1BDA2CE7F36E3A5295AAA2D0EC50954B1866D4A0E3392B37152
SHA-512:	65ADEA86DB177B13F7ABFAEF7763EA74B966B3807DBBFD3DEC09CC7451B923C3C0A09A3DC7562F0E7096839D69AEC7610D82DFAFFF1817D210A1716633370CC9
Malicious:	false
Reputation:	low
Preview:	..........r.e. ...h.(...i.9...j.E...k.T...l._...n.g...o.l...p.y...r.....s.....t.....v.....w.....y.....z.....\|.....}.................................................".....#.....$.....&....._.....p.....................................................;.....g.....}...........................................................&.....N.....b.....p...............................................9.....M.....T....._.....w.....................................................7.....`.......................................................................8.....I.....b.....s......................................... .....#.....6.....L.....`.....y.................................................................@.............................$.....N.....y...........................................................).....I.....g.....................................................&... ....".7...%._...(.\|........+.....,.....-.........../.....0.%...1.J...3.X...4.....5.....6.....7.....8.....9.....;.-...<.7...=.E.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\de.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	477657
Entropy (8bit):	5.463570615570038
Encrypted:	false
SSDEEP:
MD5:	8298294183F82E57C206C1E99EE25718
SHA1:	43577B11ED64CA903397810C19F0A5532AEE7342
SHA-256:	E6F81A9A41B9F1BDA2CE7F36E3A5295AAA2D0EC50954B1866D4A0E3392B37152
SHA-512:	65ADEA86DB177B13F7ABFAEF7763EA74B966B3807DBBFD3DEC09CC7451B923C3C0A09A3DC7562F0E7096839D69AEC7610D82DFAFFF1817D210A1716633370CC9
Malicious:	false
Reputation:	low
Preview:	..........r.e. ...h.(...i.9...j.E...k.T...l._...n.g...o.l...p.y...r.....s.....t.....v.....w.....y.....z.....\|.....}.................................................".....#.....$.....&....._.....p.....................................................;.....g.....}...........................................................&.....N.....b.....p...............................................9.....M.....T....._.....w.....................................................7.....`.......................................................................8.....I.....b.....s......................................... .....#.....6.....L.....`.....y.................................................................@.............................$.....N.....y...........................................................).....I.....g.....................................................&... ....".7...%._...(.\|........+.....,.....-.........../.....0.%...1.J...3.X...4.....5.....6.....7.....8.....9.....;.-...<.7...=.E.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\el.735E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	847111
Entropy (8bit):	4.773353666970062
Encrypted:	false
SSDEEP:
MD5:	C42DC1DDE8D4C57A7C606FD7E2CE12F0
SHA1:	264280308F31C165DD9CB410A21B44AD025A42D6
SHA-256:	7E68956B7D03E9B74D3A1476941999B2907ABDE3741DEBEE209DEA7868BE5964
SHA-512:	F7959BA77A064AD40111860C0D836866ECCAEAC3FDECED342AC6F2805BF4D70D67AC08BA0CFAAB604E108F0D5559FD6F0ECB3147748930405C3A035E8E02E61C
Malicious:	false
Reputation:	low
Preview:	........9 ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r.$...s.5...t.>...v.S...w.`...y.f...z.u...\|.{...}.........................................................................,.....S.....x.................\...................................k...................................M.....].....x.......................=.....N.....s...................................6.....e.............................D.....q.....{.....~.......................".....j................._.....\|.........................................4.....L.....l.......................F.....k.................6.....U.....f...................................$.....Q.....~.....................................................3...........X.............................................................................\.................".....\.................c.............................).....>.....K... .^...".....%.....(.....*.S...+.V...,.t...-.......+.../.S...0.z...1.....3.....4.h...5.....6.....7.G...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\el.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	847111
Entropy (8bit):	4.773353666970062
Encrypted:	false
SSDEEP:
MD5:	C42DC1DDE8D4C57A7C606FD7E2CE12F0
SHA1:	264280308F31C165DD9CB410A21B44AD025A42D6
SHA-256:	7E68956B7D03E9B74D3A1476941999B2907ABDE3741DEBEE209DEA7868BE5964
SHA-512:	F7959BA77A064AD40111860C0D836866ECCAEAC3FDECED342AC6F2805BF4D70D67AC08BA0CFAAB604E108F0D5559FD6F0ECB3147748930405C3A035E8E02E61C
Malicious:	false
Reputation:	low
Preview:	........9 ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r.$...s.5...t.>...v.S...w.`...y.f...z.u...\|.{...}.........................................................................,.....S.....x.................\...................................k...................................M.....].....x.......................=.....N.....s...................................6.....e.............................D.....q.....{.....~.......................".....j................._.....\|.........................................4.....L.....l.......................F.....k.................6.....U.....f...................................$.....Q.....~.....................................................3...........X.............................................................................\.................".....\.................c.............................).....>.....K... .^...".....%.....(.....*.S...+.V...,.t...-.......+.../.S...0.z...1.....3.....4.h...5.....6.....7.G...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\en-73BD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	382770
Entropy (8bit):	5.483290639109639
Encrypted:	false
SSDEEP:
MD5:	C28C3A9B41D0BE77C1C111D61CC64B04
SHA1:	13DE1BB7D64915E0738DEFCC0DF2C8450D81ED7D
SHA-256:	B0AF551F312FC94F829F7F57925A642E522557331940C318C9AF62CB2BD5E146
SHA-512:	3B2D9304541573A838A0F6C8113B2771000634E508365BF8FB61F0D4D3CB60839CB8C69A7B893ABDAB49E1DD8CC6E18F0F73B41B4C3FEDFED7162C48FC7910F7
Malicious:	false
Reputation:	low
Preview:	......... ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.#...w.0...y.6...z.E...\|.K...}.].....e.....j.....r.....z.............................................................................8.....A.....X.....`.....j...........................................................).....9.....@.....L.....g.....y...........................................................).....-.....5.....A.....N.....R.....U.....[.....k.....z.............................................................................4.....;.....J.....y.....................................................!...../.....B.....E.....V.....f.....v...................................................................................?.....g.....n............................................................................C.....f.................................................................... .....".7...%.W...(.n...*.....+.....,.....-.........../.....0.....1.'...3.5...4.I...5.`...6.....7.....8.....9.....;...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\en-740C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	386065
Entropy (8bit):	5.47376907110044
Encrypted:	false
SSDEEP:
MD5:	CEF5BEEB512610F3A4F54C825CCC39DD
SHA1:	72556B1CCF4DA58E92C1C62A1A945B539DB48210
SHA-256:	7FD1B8A74A0421C6D23C3951F8FB3AA12B05C14667FF6862B709A0B26446AE22
SHA-512:	AC5483367E622EEF7F97DFD4344051DD9F8DA807F219A4ED0831A4B4B8AACE45B1AE64286708F742BC5B23C0725AEC62DAA48EF3BEC839D4696290B9DEAAD6B1
Malicious:	false
Reputation:	low
Preview:	......... ..e.....h.....i.....j. ...k./...l.:...n.B...o.G...p.T...r.Z...s.k...t.t...v.....w.....y.....z.....\|.....}.........................................................................,.....9.....H.....X....._...............................................(................V.....f.....}.......................................................................".....2.....C.....L.....y...................................................................................,.....A.....M.....R.....Z.....a.....g.....p.....{.....................................................H.....i.....r.....{.......................................................................".....#..........2.....:.....A.....F.....Q.....v.........................................5.....;.....M.....Q.....[.....`.....d.....t.........................................=.....R.....V.....].....h.....z............... .....".....%.....(.....*.....+.....,.....-.......A.../.O...0.X...1.....3.....4.....5.....6.....7.....8.....9.(...;.9.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\en-GB.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	382770
Entropy (8bit):	5.483290639109639
Encrypted:	false
SSDEEP:
MD5:	C28C3A9B41D0BE77C1C111D61CC64B04
SHA1:	13DE1BB7D64915E0738DEFCC0DF2C8450D81ED7D
SHA-256:	B0AF551F312FC94F829F7F57925A642E522557331940C318C9AF62CB2BD5E146
SHA-512:	3B2D9304541573A838A0F6C8113B2771000634E508365BF8FB61F0D4D3CB60839CB8C69A7B893ABDAB49E1DD8CC6E18F0F73B41B4C3FEDFED7162C48FC7910F7
Malicious:	false
Reputation:	low
Preview:	......... ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.#...w.0...y.6...z.E...\|.K...}.].....e.....j.....r.....z.............................................................................8.....A.....X.....`.....j...........................................................).....9.....@.....L.....g.....y...........................................................).....-.....5.....A.....N.....R.....U.....[.....k.....z.............................................................................4.....;.....J.....y.....................................................!...../.....B.....E.....V.....f.....v...................................................................................?.....g.....n............................................................................C.....f.................................................................... .....".7...%.W...(.n...*.....+.....,.....-.........../.....0.....1.'...3.5...4.I...5.`...6.....7.....8.....9.....;...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\en-US.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	386065
Entropy (8bit):	5.47376907110044
Encrypted:	false
SSDEEP:
MD5:	CEF5BEEB512610F3A4F54C825CCC39DD
SHA1:	72556B1CCF4DA58E92C1C62A1A945B539DB48210
SHA-256:	7FD1B8A74A0421C6D23C3951F8FB3AA12B05C14667FF6862B709A0B26446AE22
SHA-512:	AC5483367E622EEF7F97DFD4344051DD9F8DA807F219A4ED0831A4B4B8AACE45B1AE64286708F742BC5B23C0725AEC62DAA48EF3BEC839D4696290B9DEAAD6B1
Malicious:	false
Reputation:	low
Preview:	......... ..e.....h.....i.....j. ...k./...l.:...n.B...o.G...p.T...r.Z...s.k...t.t...v.....w.....y.....z.....\|.....}.........................................................................,.....9.....H.....X....._...............................................(................V.....f.....}.......................................................................".....2.....C.....L.....y...................................................................................,.....A.....M.....R.....Z.....a.....g.....p.....{.....................................................H.....i.....r.....{.......................................................................".....#..........2.....:.....A.....F.....Q.....v.........................................5.....;.....M.....Q.....[.....`.....d.....t.........................................=.....R.....V.....].....h.....z............... .....".....%.....(.....*.....+.....,.....-.......A.../.O...0.X...1.....3.....4.....5.....6.....7.....8.....9.(...;.9.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\es-419.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	467745
Entropy (8bit):	5.352734716263535
Encrypted:	false
SSDEEP:
MD5:	A59F0D2B8FB80ACA94A4A2BAB1FC86F4
SHA1:	B89691404C36F8215A90CD51ACCE3A771F457BEC
SHA-256:	0EB39FFA161D876FC54EECA00B5227A85A4B5DDDD3E5B050A90A493C301F7155
SHA-512:	77076A1F526E430B4F9C6D322C6A8C68385783A8ADF3C682A07343A6958D5011DEDB82F72B619C98ADAAADC71240813A8889B5BC69A3C5E05060448FBCF7D65A
Malicious:	false
Reputation:	low
Preview:	........N ..e.....h.....i.....j.....k.&...l.1...n.9...o.>...p.K...r.Q...s.b...t.k...v.....w.....y.....z.....\|.....}...............................................................................0.....?.....T.....b.........................................e.....\|.....~.....................................................$.....E.....U.....f...............................................5.....N.....T.....a.....w.....................................................4.....Y.....~.................................................................;.....H.....d.....p............................................... .....1.....D.....W.....o.................................................................!.....n.............................@.....q...........................................................F.....e...............................................6.....A.....N... .Z...".n...%.....(.....*.....+.....,.....-.......8.../.V...0._...1.....3.....4.....5.....6.1...7.C...8.[...9.m...;.\|...<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\es-744B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	467745
Entropy (8bit):	5.352734716263535
Encrypted:	false
SSDEEP:
MD5:	A59F0D2B8FB80ACA94A4A2BAB1FC86F4
SHA1:	B89691404C36F8215A90CD51ACCE3A771F457BEC
SHA-256:	0EB39FFA161D876FC54EECA00B5227A85A4B5DDDD3E5B050A90A493C301F7155
SHA-512:	77076A1F526E430B4F9C6D322C6A8C68385783A8ADF3C682A07343A6958D5011DEDB82F72B619C98ADAAADC71240813A8889B5BC69A3C5E05060448FBCF7D65A
Malicious:	false
Reputation:	low
Preview:	........N ..e.....h.....i.....j.....k.&...l.1...n.9...o.>...p.K...r.Q...s.b...t.k...v.....w.....y.....z.....\|.....}...............................................................................0.....?.....T.....b.........................................e.....\|.....~.....................................................$.....E.....U.....f...............................................5.....N.....T.....a.....w.....................................................4.....Y.....~.................................................................;.....H.....d.....p............................................... .....1.....D.....W.....o.................................................................!.....n.............................@.....q...........................................................F.....e...............................................6.....A.....N... .Z...".n...%.....(.....*.....+.....,.....-.......8.../.V...0._...1.....3.....4.....5.....6.1...7.C...8.[...9.m...;.\|...<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\es.74C9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	466991
Entropy (8bit):	5.327472198048266
Encrypted:	false
SSDEEP:
MD5:	A0820948A3DBDE6308567CDAD853AFD8
SHA1:	A0A8657E37C488901ECD282389F9EE3949A5EAFE
SHA-256:	427D02850FAB6E7AB4B96B286072FAD3E50FAEF214CEE5F87F4409CA7439290A
SHA-512:	92CA21950F026724B701410460F09922C48D06BEEF50BD068F6C73F90461197B55A9FBF4AB59793030ED224D5FC57BB684BAD8E15A83A1979196FAD94C7466CB
Malicious:	false
Reputation:	low
Preview:	........F ..e.....h.....i.....j.....k.....l. ...n.(...o.-...p.:...r.@...s.Q...t.Z...v.o...w.\|...y.....z.....\|.....}...............................................................................).....9.....N.....\.........................................`.....x.....z.....~.....................................................B.....R.....b.....................................................7.....=.....J.....W.....l.....r.....u.....{...................................B.....f.....v.....\|.....................................................#.....0.....I.....\...........................................................1.....D.....\.....t.................................................................d.............................;.....o.....~.....................................................B.....a.....{.........................................".....-.....:... .F...".Z...%.v...(.....*.....+.....,.....-.........../.1...0.8...1.m...3.....4.....5.....6.....7.....8.0...9.B...;.S...<.b...=.p.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\es.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	466991
Entropy (8bit):	5.327472198048266
Encrypted:	false
SSDEEP:
MD5:	A0820948A3DBDE6308567CDAD853AFD8
SHA1:	A0A8657E37C488901ECD282389F9EE3949A5EAFE
SHA-256:	427D02850FAB6E7AB4B96B286072FAD3E50FAEF214CEE5F87F4409CA7439290A
SHA-512:	92CA21950F026724B701410460F09922C48D06BEEF50BD068F6C73F90461197B55A9FBF4AB59793030ED224D5FC57BB684BAD8E15A83A1979196FAD94C7466CB
Malicious:	false
Reputation:	low
Preview:	........F ..e.....h.....i.....j.....k.....l. ...n.(...o.-...p.:...r.@...s.Q...t.Z...v.o...w.\|...y.....z.....\|.....}...............................................................................).....9.....N.....\.........................................`.....x.....z.....~.....................................................B.....R.....b.....................................................7.....=.....J.....W.....l.....r.....u.....{...................................B.....f.....v.....\|.....................................................#.....0.....I.....\...........................................................1.....D.....\.....t.................................................................d.............................;.....o.....~.....................................................B.....a.....{.........................................".....-.....:... .F...".Z...%.v...(.....*.....+.....,.....-.........../.1...0.8...1.m...3.....4.....5.....6.....7.....8.0...9.B...;.S...<.b...=.p.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\et.7509.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	423792
Entropy (8bit):	5.433121465483232
Encrypted:	false
SSDEEP:
MD5:	475E9B8FD4D5655E79AA9A3F8B8608E6
SHA1:	7638D02BAB715DBEC48473122A14CEE4FC59E861
SHA-256:	708934F6CB830719E2F4CACFE82B042C88D147DE2430CCDEE68E2F7159CCC4FC
SHA-512:	12C38C5223F6AC0C17A58FF3704B115896C4F8CD593292E41D0FB9EB80C9740D1B9D0E8A6D63B476072EB8B31076AB8660862E51BAC22A93CD47C5C2B8CC32C6
Malicious:	false
Reputation:	low
Preview:	........Z ..e.....h.....i.+...j.7...k.F...l.Q...n.Y...o.^...p.k...r.q...s.....t.....v.....w.....y.....z.....\|.....}.........................................................................J.....Z.....l.........................................$.....[...........................................................).....5.....@.....d.....t........................................................... .....&.....-.....=.....M.....Q.....T.....[.....o................................................................. .....,.....C.....Y.....d.....p.........................................(.....5.....A.....O.....b.....e.....u...................................................................................D...................................2.....f.....r.....}.....................................................&.....7.....]................................................... .....".....%.7...(.a...*.}...+.....,.....-.........../.....0.....1.'...3.2...4.I...5.i...6.....7.....8.....9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\et.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	423792
Entropy (8bit):	5.433121465483232
Encrypted:	false
SSDEEP:
MD5:	475E9B8FD4D5655E79AA9A3F8B8608E6
SHA1:	7638D02BAB715DBEC48473122A14CEE4FC59E861
SHA-256:	708934F6CB830719E2F4CACFE82B042C88D147DE2430CCDEE68E2F7159CCC4FC
SHA-512:	12C38C5223F6AC0C17A58FF3704B115896C4F8CD593292E41D0FB9EB80C9740D1B9D0E8A6D63B476072EB8B31076AB8660862E51BAC22A93CD47C5C2B8CC32C6
Malicious:	false
Reputation:	low
Preview:	........Z ..e.....h.....i.+...j.7...k.F...l.Q...n.Y...o.^...p.k...r.q...s.....t.....v.....w.....y.....z.....\|.....}.........................................................................J.....Z.....l.........................................$.....[...........................................................).....5.....@.....d.....t........................................................... .....&.....-.....=.....M.....Q.....T.....[.....o................................................................. .....,.....C.....Y.....d.....p.........................................(.....5.....A.....O.....b.....e.....u...................................................................................D...................................2.....f.....r.....}.....................................................&.....7.....]................................................... .....".....%.7...(.a...*.}...+.....,.....-.........../.....0.....1.'...3.2...4.I...5.i...6.....7.....8.....9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fa.7558.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	688097
Entropy (8bit):	5.055853895916019
Encrypted:	false
SSDEEP:
MD5:	3E971334AB4340FABDBE560EF4107AB4
SHA1:	E8FDCF360364697F2A2C917BF9BE4E3529819404
SHA-256:	46B6C156E7B1D8E0B3E57772240DA65B2546B1A0A8F3BBC64DA7258EC008ACD8
SHA-512:	1DEDD6FFB86D6C1B7A806DE4A20528FE6A72B3426A72A2676E44242936C58F24411FBCBDEFB064EE2758CC20B260091F44DF00B26A099C7CDDA268EC7E18099A
Malicious:	false
Reputation:	low
Preview:	..........Y.e.R...h.Z...i.e...j.q...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.............!.....).....1.....9.....@.....G.....N.....P.....U.......................................................................v...................................".....(.....=.....[.....n.............................B.....[.....c.....v.......................+.....7.....H.....d...............................................=.....p....................................................>.....s...................................8.....L...................................$.....K.....N.....c.....................................................(.....9.....G.....N.....b...........>.................%.....F.....^...............................................@.....z.......................+.....X...................................(.....;.....H... .[...".y...%.....(..........+.....,.7...-.[........./.....0.....1.....3. ...4.Q...5.....6.....7.....8.T...9.m...;.}...<.....=.....>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fa.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	688097
Entropy (8bit):	5.055853895916019
Encrypted:	false
SSDEEP:
MD5:	3E971334AB4340FABDBE560EF4107AB4
SHA1:	E8FDCF360364697F2A2C917BF9BE4E3529819404
SHA-256:	46B6C156E7B1D8E0B3E57772240DA65B2546B1A0A8F3BBC64DA7258EC008ACD8
SHA-512:	1DEDD6FFB86D6C1B7A806DE4A20528FE6A72B3426A72A2676E44242936C58F24411FBCBDEFB064EE2758CC20B260091F44DF00B26A099C7CDDA268EC7E18099A
Malicious:	false
Reputation:	low
Preview:	..........Y.e.R...h.Z...i.e...j.q...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.............!.....).....1.....9.....@.....G.....N.....P.....U.......................................................................v...................................".....(.....=.....[.....n.............................B.....[.....c.....v.......................+.....7.....H.....d...............................................=.....p....................................................>.....s...................................8.....L...................................$.....K.....N.....c.....................................................(.....9.....G.....N.....b...........>.................%.....F.....^...............................................@.....z.......................+.....X...................................(.....;.....H... .[...".y...%.....(..........+.....,.7...-.[........./.....0.....1.....3. ...4.Q...5.....6.....7.....8.T...9.m...;.}...<.....=.....>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fi.7598.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	431212
Entropy (8bit):	5.407496331636268
Encrypted:	false
SSDEEP:
MD5:	B765DD2E2A95ABDACCDD6D8A39CCCBCF
SHA1:	DD82933D7C53AEAB18534305481C25C22EBA51DB
SHA-256:	3A920793C851DAAE7253D34B1A3B8491C3927FF875CC673C7FE97F079758B618
SHA-512:	0DABBA2F5B04E9311F7354E0006182DF150D7FD143737EF39C3FDCD76C0A98B00CD310A82037E04B003055586DDD122F8A60E92B09BB1DFBC0307C887A534B40
Malicious:	false
Reputation:	low
Preview:	..........\.e.L...h.T...i.e...j.q...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.............!.....).....1.....9.....@.....G.....N.....O.....P.....U...............................................-.....4.....D.............................................../.....4.....B.....L.....[.....g...........................................................-.....:.....B.....I.....[.....s.....w...............................................(.....D.....N.....S.....[.....b.....n.....{.....................................................<.....^.....f.....v.........................................................................................&.....-.....4.....C................. .....(.....o.................................................................5.....Q.....s...............................................'.....8.....@.....M... .X...".k...%.....(.....*.....+.....,.....-.......4.../.J...0.X...1.....3.....4.....5.....6.....7.-...8.M...9.`...;.....<.....=.....>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fi.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	431212
Entropy (8bit):	5.407496331636268
Encrypted:	false
SSDEEP:
MD5:	B765DD2E2A95ABDACCDD6D8A39CCCBCF
SHA1:	DD82933D7C53AEAB18534305481C25C22EBA51DB
SHA-256:	3A920793C851DAAE7253D34B1A3B8491C3927FF875CC673C7FE97F079758B618
SHA-512:	0DABBA2F5B04E9311F7354E0006182DF150D7FD143737EF39C3FDCD76C0A98B00CD310A82037E04B003055586DDD122F8A60E92B09BB1DFBC0307C887A534B40
Malicious:	false
Reputation:	low
Preview:	..........\.e.L...h.T...i.e...j.q...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.............!.....).....1.....9.....@.....G.....N.....O.....P.....U...............................................-.....4.....D.............................................../.....4.....B.....L.....[.....g...........................................................-.....:.....B.....I.....[.....s.....w...............................................(.....D.....N.....S.....[.....b.....n.....{.....................................................<.....^.....f.....v.........................................................................................&.....-.....4.....C................. .....(.....o.................................................................5.....Q.....s...............................................'.....8.....@.....M... .X...".k...%.....(.....*.....+.....,.....-.......4.../.J...0.X...1.....3.....4.....5.....6.....7.-...8.M...9.`...;.....<.....=.....>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fil.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	485945
Entropy (8bit):	5.17162845437788
Encrypted:	false
SSDEEP:
MD5:	9C24EAAF9BFFD0305272232C4D3FFBFE
SHA1:	16DCBA0C2CB20180C7825CC89712BA716BAF7A84
SHA-256:	92FEE781DFDF5C119CE67132E51653A9E32E69B948E0BE65ABCEF261ECB9C071
SHA-512:	10DA16A3EE9327A188A09DE82C529AC97828D8E3932E435DF9FDE435BB6DE3399B9D8FADEC3990AE76641B0CA0C9BCBA7AA73131294FDB8BD9CA8961580C0F9D
Malicious:	false
Reputation:	low
Preview:	......... ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.-...t.6...v.K...w.X...y.^...z.m...\|.s...}...........................................................................................%.....,.....s.....\|...................................$.....&..........S.....f...........................................................=.....P.....X.....b.....t.........................................'.....:.....B.....E.....K.....c.....w...............................................!.....(...../.....@.....N.....k.....v.........................................J.....s.....................................................!.....8.....Q.....l.....s.....v.....w...............................................M...................................A.....I.....].....a.....n.....x.....~...................................M.....m...............................................+... .2...".B...%.o...(..........+.....,.....-.........../.....0.(...1.\...3.m...4.....5.....6.....7.....8.....9.,...;.E.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fil75D7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	485945
Entropy (8bit):	5.17162845437788
Encrypted:	false
SSDEEP:
MD5:	9C24EAAF9BFFD0305272232C4D3FFBFE
SHA1:	16DCBA0C2CB20180C7825CC89712BA716BAF7A84
SHA-256:	92FEE781DFDF5C119CE67132E51653A9E32E69B948E0BE65ABCEF261ECB9C071
SHA-512:	10DA16A3EE9327A188A09DE82C529AC97828D8E3932E435DF9FDE435BB6DE3399B9D8FADEC3990AE76641B0CA0C9BCBA7AA73131294FDB8BD9CA8961580C0F9D
Malicious:	false
Reputation:	low
Preview:	......... ..e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.-...t.6...v.K...w.X...y.^...z.m...\|.s...}...........................................................................................%.....,.....s.....\|...................................$.....&..........S.....f...........................................................=.....P.....X.....b.....t.........................................'.....:.....B.....E.....K.....c.....w...............................................!.....(...../.....@.....N.....k.....v.........................................J.....s.....................................................!.....8.....Q.....l.....s.....v.....w...............................................M...................................A.....I.....].....a.....n.....x.....~...................................M.....m...............................................+... .2...".B...%.o...(..........+.....,.....-.........../.....0.(...1.\...3.m...4.....5.....6.....7.....8.....9.,...;.E.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fr.7636.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	507219
Entropy (8bit):	5.356101337398449
Encrypted:	false
SSDEEP:
MD5:	7E94F292B6647D4B7C5018D62CCEF6E4
SHA1:	FAAF131686540A6FD2F2F4BB7343EC6FE1A564BB
SHA-256:	A53EB293E0AA2181C702A67C7AA78F08B449DEC68F5C2312DEEB68ACEF3250A0
SHA-512:	3FF3BC67B867B574DF0EA832412698D24ED498AC5C95C74646D12396B7FD684C4F21023A872A47A9E4300CF9190331E2441979D869A51ED695FC3AD8C4E26794
Malicious:	false
Reputation:	low
Preview:	........+ (.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.$...t.-...v.B...w.O...y.U...z.d...\|.j...}.\|.....................................................................................................{...................................".....1.....3.....7....._.....r............................................... .....2.....W.....s.....u...............................................#.....8.....;.....>.....G....._.....q................................... .....&...........5.....;.....I.....\.....{...............................................S.....\|...........................................................,.....D.....U.....\....._.....`.....h.....p.....y.......................!.....W.....^.........................................&.....0.....9.....=.....W.....\|.......................!.....T................................................... .....".!...%.D...(.W...*.s...+.v...,.....-.........../.....0.....1.J...3.]...4.{...5.....6.....7.....8.....9.&...;.9...<.G...=.Y.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\fr.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	507219
Entropy (8bit):	5.356101337398449
Encrypted:	false
SSDEEP:
MD5:	7E94F292B6647D4B7C5018D62CCEF6E4
SHA1:	FAAF131686540A6FD2F2F4BB7343EC6FE1A564BB
SHA-256:	A53EB293E0AA2181C702A67C7AA78F08B449DEC68F5C2312DEEB68ACEF3250A0
SHA-512:	3FF3BC67B867B574DF0EA832412698D24ED498AC5C95C74646D12396B7FD684C4F21023A872A47A9E4300CF9190331E2441979D869A51ED695FC3AD8C4E26794
Malicious:	false
Reputation:	low
Preview:	........+ (.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.$...t.-...v.B...w.O...y.U...z.d...\|.j...}.\|.....................................................................................................{...................................".....1.....3.....7....._.....r............................................... .....2.....W.....s.....u...............................................#.....8.....;.....>.....G....._.....q................................... .....&...........5.....;.....I.....\.....{...............................................S.....\|...........................................................,.....D.....U.....\....._.....`.....h.....p.....y.......................!.....W.....^.........................................&.....0.....9.....=.....W.....\|.......................!.....T................................................... .....".!...%.D...(.W...*.s...+.v...,.....-.........../.....0.....1.J...3.]...4.{...5.....6.....7.....8.....9.&...;.9...<.G...=.Y.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\gu.7675.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	976334
Entropy (8bit):	4.345531712466131
Encrypted:	false
SSDEEP:
MD5:	263D3787BA10F73968163A843E928F85
SHA1:	F954B8DC20166AF604E4EF13A4C3424EBBD6F8EB
SHA-256:	79DB738C4EA899651EAAF3E6E792EED41F7B19DD1644D9026260B25B2CEE4632
SHA-512:	68DF7A8AD50EEEBDF324E8AFDE413B869EBE885529B9AE0C47A2BA36534EEB8E739E99633D20066D5E6B46766A0C91CC48EA0018B84975E5E77D06B2C2B77470
Malicious:	false
Reputation:	low
Preview:	........C ..e.....h.....i.....j.....k.!...l.,...n.4...o.9...p.F...r.L...s.]...t.f...v.{...w.....y.....z.....\|.....}.........................................................................p.............................................................................0.....<.....d.......................;.....Z.....p.............................s...................................#...................................r.....{.....~....................... .....h.................B.....b.....u.....}.............................2.....A.....m......................._.................d.....z...................................=....._.....~...............................................4.....S.....j.......................'.....I.................X.............................:.....F.....R...................................'.....^.................+.....M.....p..................... .....".....%.I...(.....*.....+.....,.....-.(.....y.../.....0.....1.;...3.R...4.....5.....6.....7.S...8.....9.....;.....<.%.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\gu.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	976334
Entropy (8bit):	4.345531712466131
Encrypted:	false
SSDEEP:
MD5:	263D3787BA10F73968163A843E928F85
SHA1:	F954B8DC20166AF604E4EF13A4C3424EBBD6F8EB
SHA-256:	79DB738C4EA899651EAAF3E6E792EED41F7B19DD1644D9026260B25B2CEE4632
SHA-512:	68DF7A8AD50EEEBDF324E8AFDE413B869EBE885529B9AE0C47A2BA36534EEB8E739E99633D20066D5E6B46766A0C91CC48EA0018B84975E5E77D06B2C2B77470
Malicious:	false
Reputation:	low
Preview:	........C ..e.....h.....i.....j.....k.!...l.,...n.4...o.9...p.F...r.L...s.]...t.f...v.{...w.....y.....z.....\|.....}.........................................................................p.............................................................................0.....<.....d.......................;.....Z.....p.............................s...................................#...................................r.....{.....~....................... .....h.................B.....b.....u.....}.............................2.....A.....m......................._.................d.....z...................................=....._.....~...............................................4.....S.....j.......................'.....I.................X.............................:.....F.....R...................................'.....^.................+.....M.....p..................... .....".....%.I...(.....*.....+.....,.....-.(.....y.../.....0.....1.;...3.R...4.....5.....6.....7.S...8.....9.....;.....<.%.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\he.76C4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	605131
Entropy (8bit):	4.656281727020377
Encrypted:	false
SSDEEP:
MD5:	AD546E0560C7D80E2439061571DDDE15
SHA1:	988D90317BB8E46E1E29308F2DFC8929E0FC9660
SHA-256:	76E0F575C8F6B5ABB636BB3BCC5795F0E86DC45FAF0275C497786DD367A92EC0
SHA-512:	365273A5D38A3F70243840767A8F1B0EC8BF8E674BEB4CA6E40BF7D020ADE15A5898B34A9923E97C94BC44D8B8125FD0E9C616B36DDA50986400D631003E74C7
Malicious:	false
Reputation:	low
Preview:	......... =.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.%...y.+...z.:...\|.@...}.R.....Z....._.....g.....o.....w.....~.....................................................).....<.........................................N.....k.....m.....q.........................................2.....K.....................................................0.....A.....................................................!.....O.....t.............................P.....e.....o.....w.....~.........................................=.....P.....l.......................!.....6.....K.....g.....................................................'...........1.....2.....<.....Q.....[.....f.....z...........?.......................:.....X.....................................................?.....W............................._.....z....................................... .....".....%.<...(.Y...*.z...+.}...,.....-.........../.....0.....1.R...3.g...4.....5.....6.....7.....8.,...9.@...;.U...<.o.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\he.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	605131
Entropy (8bit):	4.656281727020377
Encrypted:	false
SSDEEP:
MD5:	AD546E0560C7D80E2439061571DDDE15
SHA1:	988D90317BB8E46E1E29308F2DFC8929E0FC9660
SHA-256:	76E0F575C8F6B5ABB636BB3BCC5795F0E86DC45FAF0275C497786DD367A92EC0
SHA-512:	365273A5D38A3F70243840767A8F1B0EC8BF8E674BEB4CA6E40BF7D020ADE15A5898B34A9923E97C94BC44D8B8125FD0E9C616B36DDA50986400D631003E74C7
Malicious:	false
Reputation:	low
Preview:	......... =.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.%...y.+...z.:...\|.@...}.R.....Z....._.....g.....o.....w.....~.....................................................).....<.........................................N.....k.....m.....q.........................................2.....K.....................................................0.....A.....................................................!.....O.....t.............................P.....e.....o.....w.....~.........................................=.....P.....l.......................!.....6.....K.....g.....................................................'...........1.....2.....<.....Q.....[.....f.....z...........?.......................:.....X.....................................................?.....W............................._.....z....................................... .....".....%.<...(.Y...*.z...+.}...,.....-.........../.....0.....1.R...3.g...4.....5.....6.....7.....8.,...9.@...;.U...<.o.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\hi.7704.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1035551
Entropy (8bit):	4.314619631295274
Encrypted:	false
SSDEEP:
MD5:	6B6C43783C0ED8E25EB6DC2AEF2C9E88
SHA1:	7039712C5B5F91BA28105107D666D934611ADEAF
SHA-256:	0E05FAE30CDF2EFD1FD729A40CEDA78CFFD9B198B005427C939D8D5F3610D3CC
SHA-512:	06FD619B902DEE798E2A2574D16B6F9CF01947131FB52ADBA334868680EFCEA3D7147B9AE963C896E8B2A54FE0DA6A1EB38558A129FB619D8217A3F3C991240C
Malicious:	false
Reputation:	low
Preview:	......... >.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.&...w.3...y.9...z.H...\|.N...}.`.....h.....m.....u.....}...............................................0.....R.....w.................P.....i..........................................................7.....e.............................8.......................9.....e.....u.....................................................=.....y...................................L.................4.....z...............................................j.....\|........... .....E.....b.................<.............................2.....\|...................................=.....p.....w.....z.....\|.........................................`...................................h.........................................C.............................:.................).....8.....]........................... .....".....%.u...(..........+.....,.....-.G........./.....0.....1.....3.....4.....5.....6.~...7.....8.....9.=...;.}...<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\hi.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1035551
Entropy (8bit):	4.314619631295274
Encrypted:	false
SSDEEP:
MD5:	6B6C43783C0ED8E25EB6DC2AEF2C9E88
SHA1:	7039712C5B5F91BA28105107D666D934611ADEAF
SHA-256:	0E05FAE30CDF2EFD1FD729A40CEDA78CFFD9B198B005427C939D8D5F3610D3CC
SHA-512:	06FD619B902DEE798E2A2574D16B6F9CF01947131FB52ADBA334868680EFCEA3D7147B9AE963C896E8B2A54FE0DA6A1EB38558A129FB619D8217A3F3C991240C
Malicious:	false
Reputation:	low
Preview:	......... >.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.&...w.3...y.9...z.H...\|.N...}.`.....h.....m.....u.....}...............................................0.....R.....w.................P.....i..........................................................7.....e.............................8.......................9.....e.....u.....................................................=.....y...................................L.................4.....z...............................................j.....\|........... .....E.....b.................<.............................2.....\|...................................=.....p.....w.....z.....\|.........................................`...................................h.........................................C.............................:.................).....8.....]........................... .....".....%.u...(..........+.....,.....-.G........./.....0.....1.....3.....4.....5.....6.~...7.....8.....9.=...;.}...<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\hr.7763.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	468589
Entropy (8bit):	5.494641061372762
Encrypted:	false
SSDEEP:
MD5:	83B0DF9371D6E519E01D0AA268187ED6
SHA1:	76235009B8206FA9C101F8B7EC80447C4A87CCAE
SHA-256:	4B88B49A2701CDB724C2509E26754CFBB80B9F661D49D435FAEE822B9AA90196
SHA-512:	E5D092C3A872D3D82ABD61E8B8B4F1CEFC1DFD7F531092B96BA5DDAF3FF2668682FEA21CD7B2CCDC8A04328C29E0BC6837C85A1051829050492D24BF1DD7D416
Malicious:	false
Reputation:	low
Preview:	........Z ..e.....h.....i.+...j.7...k.F...l.Q...n.Y...o.^...p.k...r.q...s.....t.....v.....w.....y.....z.....\|.....}.........................................................................A.....M.....Y.....g.....m...................................+.....X.....i.....k.....o..........................................................<.....K.....b.....r.....x...........................................................".....'..........0.....D.....V.....f.....{...........................................................0.....D.....O.....f.........................................(.....4.....E.....P.....d..................................................................................."..........6.....~.......................Y.....u..........................................................T.....l.............................2.....F.....N.....X.....f..................... .....".....%.....(.....*.....+.!...,.?...-.X.....\|.../.....0.....1.....3.....4.....5.....6.W...7.p...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\hr.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	468589
Entropy (8bit):	5.494641061372762
Encrypted:	false
SSDEEP:
MD5:	83B0DF9371D6E519E01D0AA268187ED6
SHA1:	76235009B8206FA9C101F8B7EC80447C4A87CCAE
SHA-256:	4B88B49A2701CDB724C2509E26754CFBB80B9F661D49D435FAEE822B9AA90196
SHA-512:	E5D092C3A872D3D82ABD61E8B8B4F1CEFC1DFD7F531092B96BA5DDAF3FF2668682FEA21CD7B2CCDC8A04328C29E0BC6837C85A1051829050492D24BF1DD7D416
Malicious:	false
Reputation:	low
Preview:	........Z ..e.....h.....i.+...j.7...k.F...l.Q...n.Y...o.^...p.k...r.q...s.....t.....v.....w.....y.....z.....\|.....}.........................................................................A.....M.....Y.....g.....m...................................+.....X.....i.....k.....o..........................................................<.....K.....b.....r.....x...........................................................".....'..........0.....D.....V.....f.....{...........................................................0.....D.....O.....f.........................................(.....4.....E.....P.....d..................................................................................."..........6.....~.......................Y.....u..........................................................T.....l.............................2.....F.....N.....X.....f..................... .....".....%.....(.....*.....+.!...,.?...-.X.....\|.../.....0.....1.....3.....4.....5.....6.W...7.p...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\hu.7793.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	505216
Entropy (8bit):	5.623997372428694
Encrypted:	false
SSDEEP:
MD5:	3CD80F5BEE7BF91BA05E42DBDEFFE2B4
SHA1:	E03063A7FD8B5F5CFADBFA012376FDA244961E87
SHA-256:	0C14BC3A9162D5516D0A78AD5B38864096742B0F590769B1E348FF52BD8DDFB1
SHA-512:	482184CDDE1DEB5E31BC117583C31249394C8D7E00EF3C8301A38B0957872CBE0A38C8F596DC02C33D7854436EFFAF545ACE6F62C06571E687007470011556B7
Malicious:	false
Reputation:	low
Preview:	........# 0.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.0...w.=...y.C...z.R...\|.X...}.j.....r.....w.............................................................................%.....5.........................................I.....]....._.....c.....................................................=.....M.....^...............................................&.....B.....H.....R.....j...............................................!.....I.....q......................................................................h.....s...............................................&.....B.....E.....].....r.................................................................".....9.................f.....l.............................;.....T.....\.....j.....r.....x.............................E.....h.........................................;.....D.....R... ._...".\|...%.....(..........+.....,.....-.......H.../.j...0.t...1.....3.....4.....5.....6.....7.I...8.j...9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\hu.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	505216
Entropy (8bit):	5.623997372428694
Encrypted:	false
SSDEEP:
MD5:	3CD80F5BEE7BF91BA05E42DBDEFFE2B4
SHA1:	E03063A7FD8B5F5CFADBFA012376FDA244961E87
SHA-256:	0C14BC3A9162D5516D0A78AD5B38864096742B0F590769B1E348FF52BD8DDFB1
SHA-512:	482184CDDE1DEB5E31BC117583C31249394C8D7E00EF3C8301A38B0957872CBE0A38C8F596DC02C33D7854436EFFAF545ACE6F62C06571E687007470011556B7
Malicious:	false
Reputation:	low
Preview:	........# 0.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.0...w.=...y.C...z.R...\|.X...}.j.....r.....w.............................................................................%.....5.........................................I.....]....._.....c.....................................................=.....M.....^...............................................&.....B.....H.....R.....j...............................................!.....I.....q......................................................................h.....s...............................................&.....B.....E.....].....r.................................................................".....9.................f.....l.............................;.....T.....\.....j.....r.....x.............................E.....h.........................................;.....D.....R... ._...".\|...%.....(..........+.....,.....-.......H.../.j...0.t...1.....3.....4.....5.....6.....7.I...8.j...9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\id.77D2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	415125
Entropy (8bit):	5.353524425691112
Encrypted:	false
SSDEEP:
MD5:	979B740EB1E0F076213777078937096B
SHA1:	F1225DC1AD74F73E103BBAE7F7A889019FF3C95B
SHA-256:	2402A1BD27A66266863451BA73CE416987F8EA171928FC32652DF728A35D7A2A
SHA-512:	6C4C42332AEBCBB26A396E34E5C253B8988AC91B773ECBE443CABAA467D869ECBDD4B072AA9CA0A140557731B494E76C410741C18DB2C91F365CC74BDD9EF842
Malicious:	false
Reputation:	low
Preview:	......../ $.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.,...t.5...v.J...w.W...y.]...z.l...\|.r...}.......................................................................................................\.....d.....{.....................................................'.....H.....P.....^.....n.....v.................................................................%.....P.....e.....l.....s.................................................................'.....E.....S.....X.....`.....g.....l.....v....................................................9.....g.................................................................'.....<.....M.....T.....W.....X.....`.....h.....p.....x.....~............................. .....U.....f.....v.................................................................:.....^.....s......................................................... .....".1...%.V...(.q........+.....,.....-.........../.....0.....1. ...3.2...4.Q...5.c...6.....7.....8.....9.....;...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\id.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	415125
Entropy (8bit):	5.353524425691112
Encrypted:	false
SSDEEP:
MD5:	979B740EB1E0F076213777078937096B
SHA1:	F1225DC1AD74F73E103BBAE7F7A889019FF3C95B
SHA-256:	2402A1BD27A66266863451BA73CE416987F8EA171928FC32652DF728A35D7A2A
SHA-512:	6C4C42332AEBCBB26A396E34E5C253B8988AC91B773ECBE443CABAA467D869ECBDD4B072AA9CA0A140557731B494E76C410741C18DB2C91F365CC74BDD9EF842
Malicious:	false
Reputation:	low
Preview:	......../ $.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.,...t.5...v.J...w.W...y.]...z.l...\|.r...}.......................................................................................................\.....d.....{.....................................................'.....H.....P.....^.....n.....v.................................................................%.....P.....e.....l.....s.................................................................'.....E.....S.....X.....`.....g.....l.....v....................................................9.....g.................................................................'.....<.....M.....T.....W.....X.....`.....h.....p.....x.....~............................. .....U.....f.....v.................................................................:.....^.....s......................................................... .....".1...%.V...(.q........+.....,.....-.........../.....0.....1. ...3.2...4.Q...5.c...6.....7.....8.....9.....;...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\it.7802.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	465046
Entropy (8bit):	5.257696146969415
Encrypted:	false
SSDEEP:
MD5:	DC335B9277E686DE4906DC6C4A0D872B
SHA1:	A262547CB02D25766F81DA9C60600755DC3896D8
SHA-256:	0B97A49F3BFB6A5846E2B5C1DA17D046CEE271CF986304BE28928D9E4B4DE2D1
SHA-512:	B12BEBEAB5E29574B2E251162DBC15F7FF5FA7EA4955801FA2DAE12A4EA848A2F0B225DBEEE4824843CDBC85CFD5FCDB06F16F41E422ECEC26ADE2A5BF305186
Malicious:	false
Reputation:	low
Preview:	........E ..e.....h.....i.....j.....k.....l.'...n./...o.4...p.A...r.G...s.X...t.a...v.v...w.....y.....z.....\|.....}...............................................................................,.....;.....T....._.........................................?.....P.....R.....V.....~..................................................... .....2.....O.....e.....i.....~...............................................3.....7.....:.....A.....U.....k.........................................!.....).....0.....5.....?.....N.....e.....m.....{...................................!.....H.....T.....[.....g.....z.......................................................................-.....8.....B.....H.....X......................0.....u.................................................................:.....S...................................%..........2.....I.....g.....s......... .....".....%.....(.....*.....+.....,.....-.......=.../.U...0.Z...1.....3.....4.....5.....6.D...7.T...8.g...9.u...;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\it.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	465046
Entropy (8bit):	5.257696146969415
Encrypted:	false
SSDEEP:
MD5:	DC335B9277E686DE4906DC6C4A0D872B
SHA1:	A262547CB02D25766F81DA9C60600755DC3896D8
SHA-256:	0B97A49F3BFB6A5846E2B5C1DA17D046CEE271CF986304BE28928D9E4B4DE2D1
SHA-512:	B12BEBEAB5E29574B2E251162DBC15F7FF5FA7EA4955801FA2DAE12A4EA848A2F0B225DBEEE4824843CDBC85CFD5FCDB06F16F41E422ECEC26ADE2A5BF305186
Malicious:	false
Reputation:	low
Preview:	........E ..e.....h.....i.....j.....k.....l.'...n./...o.4...p.A...r.G...s.X...t.a...v.v...w.....y.....z.....\|.....}...............................................................................,.....;.....T....._.........................................?.....P.....R.....V.....~..................................................... .....2.....O.....e.....i.....~...............................................3.....7.....:.....A.....U.....k.........................................!.....).....0.....5.....?.....N.....e.....m.....{...................................!.....H.....T.....[.....g.....z.......................................................................-.....8.....B.....H.....X......................0.....u.................................................................:.....S...................................%..........2.....I.....g.....s......... .....".....%.....(.....*.....+.....,.....-.......=.../.U...0.Z...1.....3.....4.....5.....6.D...7.T...8.g...9.u...;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ja.7832.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	565850
Entropy (8bit):	5.730980187512928
Encrypted:	false
SSDEEP:
MD5:	8904D312CD2F15B0C98733068DDB0DB8
SHA1:	07A9DF592F9B34E2D909999E7DA0E869B5CAC574
SHA-256:	14B8609316D9C5D84FA118F293DCC38CFDC7B39CE2967765ED993B9D6905B734
SHA-512:	8F7AE7D522380D1CD4D9DFF14C5FC7F4CF03CCFA12C217EF522B60717462A9303695E2C5F72F94BD7E12BD9BDDD4E738AA7EE02A920CA40BC7566DA4A65C1B27
Malicious:	false
Reputation:	low
Preview:	............e.n...h.v...i.....j.....k.....l.....m.....o.....p.....v.....w.....y.....z.....\|.....}...................#...........6.....E.....J.....R.....Y.....`.....g.....i.....n...................................n...................................t...............................................).....?.....N.....o...............................................!.....H.....N...................................#.....).....,.....2.....[.............................?.....o...........................................................@.....X.............................-.....9.....Q.....l.........................................'.....N.....U.....X.....a.....j.....p.....}.................f.................B.....Z.....r.....................................................2.....G.............................<.....T.....Z.....l........................... .....".....%.....(.>....t...+.w...,.....-.........../.!...0....1.o...3.....4.....5.....6. ...7.;...8.Y...9.w...;.....<.....=.....>.....?.....@...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ja.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	565850
Entropy (8bit):	5.730980187512928
Encrypted:	false
SSDEEP:
MD5:	8904D312CD2F15B0C98733068DDB0DB8
SHA1:	07A9DF592F9B34E2D909999E7DA0E869B5CAC574
SHA-256:	14B8609316D9C5D84FA118F293DCC38CFDC7B39CE2967765ED993B9D6905B734
SHA-512:	8F7AE7D522380D1CD4D9DFF14C5FC7F4CF03CCFA12C217EF522B60717462A9303695E2C5F72F94BD7E12BD9BDDD4E738AA7EE02A920CA40BC7566DA4A65C1B27
Malicious:	false
Reputation:	low
Preview:	............e.n...h.v...i.....j.....k.....l.....m.....o.....p.....v.....w.....y.....z.....\|.....}...................#...........6.....E.....J.....R.....Y.....`.....g.....i.....n...................................n...................................t...............................................).....?.....N.....o...............................................!.....H.....N...................................#.....).....,.....2.....[.............................?.....o...........................................................@.....X.............................-.....9.....Q.....l.........................................'.....N.....U.....X.....a.....j.....p.....}.................f.................B.....Z.....r.....................................................2.....G.............................<.....T.....Z.....l........................... .....".....%.....(.>....t...+.w...,.....-.........../.!...0....1.o...3.....4.....5.....6. ...7.;...8.Y...9.w...;.....<.....=.....>.....?.....@...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\kn.7871.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1114656
Entropy (8bit):	4.25357982368952
Encrypted:	false
SSDEEP:
MD5:	CFC7BBB99A3FB943AEF6EA2E2C945295
SHA1:	E37542AB81DA8D9387E3AA4D45606A58DE9B6800
SHA-256:	B46CF764E98401F1BF19A5B80A74132B7ABBE4C9460DB3DF4B0FDBC52A009A63
SHA-512:	1ED8D3C4FA20615B96E705B9CA1CFA12F8DB66F799D67FC905D85E57214147A78020304DE1B71CABE54697E429193505EEA10A47DD99DC84753C988945A5A064
Malicious:	false
Reputation:	low
Preview:	........b ..e."...h....i.;...j.G...k.V...l.a...n.i...o.n...p.{...r.....s.....t.....v.....w.....y.....z.....\|.....}.................................................$.....%.....&.....+.................+.....k...........w.......................#.................k.....m.....y.................2.....M.......................=.......................`...................................................../.....`...................................[.................Y.................\.....t.....\|.............................4.....I.....x.................D.................8.............................9.............................7.....t.........................................4.....R.....e...........&...........Q.....l.........../.....W...................................@.....L.................O...........L.................N.............................T.....x......... .....".....%.U...(..........+.....,.....-.*.....~.../.....0.....1.g...3.....4.....5.#...6.....7.....8."...9.h...;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\kn.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1114656
Entropy (8bit):	4.25357982368952
Encrypted:	false
SSDEEP:
MD5:	CFC7BBB99A3FB943AEF6EA2E2C945295
SHA1:	E37542AB81DA8D9387E3AA4D45606A58DE9B6800
SHA-256:	B46CF764E98401F1BF19A5B80A74132B7ABBE4C9460DB3DF4B0FDBC52A009A63
SHA-512:	1ED8D3C4FA20615B96E705B9CA1CFA12F8DB66F799D67FC905D85E57214147A78020304DE1B71CABE54697E429193505EEA10A47DD99DC84753C988945A5A064
Malicious:	false
Reputation:	low
Preview:	........b ..e."...h....i.;...j.G...k.V...l.a...n.i...o.n...p.{...r.....s.....t.....v.....w.....y.....z.....\|.....}.................................................$.....%.....&.....+.................+.....k...........w.......................#.................k.....m.....y.................2.....M.......................=.......................`...................................................../.....`...................................[.................Y.................\.....t.....\|.............................4.....I.....x.................D.................8.............................9.............................7.....t.........................................4.....R.....e...........&...........Q.....l.........../.....W...................................@.....L.................O...........L.................N.............................T.....x......... .....".....%.U...(..........+.....,.....-.*.....~.../.....0.....1.g...3.....4.....5.#...6.....7.....8."...9.h...;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ko.78D0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	474828
Entropy (8bit):	6.094599725016396
Encrypted:	false
SSDEEP:
MD5:	C67AA116B2F246A7BA64891606D049DE
SHA1:	64BA9E394943230784E669954B6A8D9293BFE4BF
SHA-256:	99AC97CBFBBDCD46BCBA6111C0ECA4DE94A3EC1C0525A765E096A29D08B9B870
SHA-512:	A2DDB8D2A8932CAD7913593C4574D28AC036B5138812883AD3DF8F83D3EAD4DDC5E7C863671FE21E92BDC06C14B039AED48A764E387C8CD6F78B196990E47BDE
Malicious:	false
Reputation:	low
Preview:	........q...e.@...h.H...i.Y...j.d...k.q...l.y...m.....o.....p.....r.....s.....t.....y.....z.....\|.....}.....................................!.....&.....-.....4.....6.....;.....w.........................................(.....5.....=...............................................@.....L.....Y.....i.....p......................................................................q.......................................................................2.....S.....w......................................................................m...................................7.....C.....Y.....f.....{...................................................................................(.................Q.....Z.......................$.....0.....C.....F.....Y....._.....h.........................................J................................................... .....".....%. ...(.R...*.....+.....,.....-.........../.1...0.=...1.....3.....4.....5.....6.....7.&...8.=...9.M...;.p...<.{...=.....>.....?.....@...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ko.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	474828
Entropy (8bit):	6.094599725016396
Encrypted:	false
SSDEEP:
MD5:	C67AA116B2F246A7BA64891606D049DE
SHA1:	64BA9E394943230784E669954B6A8D9293BFE4BF
SHA-256:	99AC97CBFBBDCD46BCBA6111C0ECA4DE94A3EC1C0525A765E096A29D08B9B870
SHA-512:	A2DDB8D2A8932CAD7913593C4574D28AC036B5138812883AD3DF8F83D3EAD4DDC5E7C863671FE21E92BDC06C14B039AED48A764E387C8CD6F78B196990E47BDE
Malicious:	false
Reputation:	low
Preview:	........q...e.@...h.H...i.Y...j.d...k.q...l.y...m.....o.....p.....r.....s.....t.....y.....z.....\|.....}.....................................!.....&.....-.....4.....6.....;.....w.........................................(.....5.....=...............................................@.....L.....Y.....i.....p......................................................................q.......................................................................2.....S.....w......................................................................m...................................7.....C.....Y.....f.....{...................................................................................(.................Q.....Z.......................$.....0.....C.....F.....Y....._.....h.........................................J................................................... .....".....%. ...(.R...*.....+.....,.....-.........../.1...0.=...1.....3.....4.....5.....6.....7.&...8.=...9.M...;.p...<.{...=.....>.....?.....@...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\lt.7910.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	508639
Entropy (8bit):	5.618031723130269
Encrypted:	false
SSDEEP:
MD5:	B0C5383DE7A6B228442DF4FB65857AB6
SHA1:	AD8675EA868E5963AD4E069AF6E509CC3A302184
SHA-256:	ED18976185E11F0FC45404781954302D8756219F0FF71B465AEBF0E3B4076510
SHA-512:	D54EA456B2B19433A80B4DF726B2A716334D415F076D1F83B0EEDCAEA56B2841D7921880DE28F8701CFBAF74C1FB35668147E64D361F73484A16971DB6E8C923
Malicious:	false
Reputation:	low
Preview:	........A ..e.....h.....i.....j.....k.....l.....n.'...o.,...p.9...r.?...s.P...t.Y...v.n...w.{...y.....z.....\|.....}..............................................................................."...../.....C.....N.........................................T.....e.....g.....k.....................................................D.....V.....e.................................................................).....F.....d.....o.....z...................................(.....N.....u.................................................................D.....W.....b.....y.....................................................".....8.....K.....].....u.................................................................1.......................0.....N.....o.....................................................X.....l.............................B.....Y.....`.....h........................... .....".....%.....(./...*.X...+.[...,.y...-.........../.....0.....1.....3./...4.O...5.w...6.....7.....8.....9.....;.+...<.<.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\lt.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	508639
Entropy (8bit):	5.618031723130269
Encrypted:	false
SSDEEP:
MD5:	B0C5383DE7A6B228442DF4FB65857AB6
SHA1:	AD8675EA868E5963AD4E069AF6E509CC3A302184
SHA-256:	ED18976185E11F0FC45404781954302D8756219F0FF71B465AEBF0E3B4076510
SHA-512:	D54EA456B2B19433A80B4DF726B2A716334D415F076D1F83B0EEDCAEA56B2841D7921880DE28F8701CFBAF74C1FB35668147E64D361F73484A16971DB6E8C923
Malicious:	false
Reputation:	low
Preview:	........A ..e.....h.....i.....j.....k.....l.....n.'...o.,...p.9...r.?...s.P...t.Y...v.n...w.{...y.....z.....\|.....}..............................................................................."...../.....C.....N.........................................T.....e.....g.....k.....................................................D.....V.....e.................................................................).....F.....d.....o.....z...................................(.....N.....u.................................................................D.....W.....b.....y.....................................................".....8.....K.....].....u.................................................................1.......................0.....N.....o.....................................................X.....l.............................B.....Y.....`.....h........................... .....".....%.....(./...*.X...+.[...,.y...-.........../.....0.....1.....3./...4.O...5.w...6.....7.....8.....9.....;.+...<.<.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\lv.793F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	507259
Entropy (8bit):	5.607220372010731
Encrypted:	false
SSDEEP:
MD5:	B6FF3AC7D7C17D871DB20B2D2C8813DC
SHA1:	591DF55937096C73657076BB37D7554485512B63
SHA-256:	4AD8A32F88ACAF28B8E68D153FA1364478C8F76FA155F3594C1B79CBB5180DA6
SHA-512:	7BC627825867126E7D14816E036F0684860015B0A9BD4E4C98E26BE19097C94D2C86A82FE78575BE5F34BFABBBCAEBBB3D368F37998562F3B61F4848388E9A98
Malicious:	false
Reputation:	low
Preview:	........N ..e.....h.....i.....j.....k.....l.9...n.A...o.F...p.S...r.Y...s.j...t.s...v.....w.....y.....z.....\|.....}.........................................................................%.....8.....K.....a.....m...................................F.....{.................................................................,.....T.....g..........................................................<.....D.....M.....^.....t.....}.....................................................!.....:.....B.....J.....Q.....c.....o......................................... .....:.....D.....................................................#.....6.....H.....a.....y.................................................................c.......................'.....G.................................................................G.....g.........................................!.....B.....O.....^... .g...".x...%.....(..........+.....,.....-.......C.../.]...0.m...1.....3.....4.....5.....6.-...7.M...8.a...9.s...<.~...=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\lv.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	507259
Entropy (8bit):	5.607220372010731
Encrypted:	false
SSDEEP:
MD5:	B6FF3AC7D7C17D871DB20B2D2C8813DC
SHA1:	591DF55937096C73657076BB37D7554485512B63
SHA-256:	4AD8A32F88ACAF28B8E68D153FA1364478C8F76FA155F3594C1B79CBB5180DA6
SHA-512:	7BC627825867126E7D14816E036F0684860015B0A9BD4E4C98E26BE19097C94D2C86A82FE78575BE5F34BFABBBCAEBBB3D368F37998562F3B61F4848388E9A98
Malicious:	false
Reputation:	low
Preview:	........N ..e.....h.....i.....j.....k.....l.9...n.A...o.F...p.S...r.Y...s.j...t.s...v.....w.....y.....z.....\|.....}.........................................................................%.....8.....K.....a.....m...................................F.....{.................................................................,.....T.....g..........................................................<.....D.....M.....^.....t.....}.....................................................!.....:.....B.....J.....Q.....c.....o......................................... .....:.....D.....................................................#.....6.....H.....a.....y.................................................................c.......................'.....G.................................................................G.....g.........................................!.....B.....O.....^... .g...".x...%.....(..........+.....,.....-.......C.../.]...0.m...1.....3.....4.....5.....6.-...7.M...8.a...9.s...<.~...=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ml.797F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1160794
Entropy (8bit):	4.2876063802567455
Encrypted:	false
SSDEEP:
MD5:	51D8246A20ECD31506F970E80BDCE968
SHA1:	97647C4B1D6947A02DD86FDBDB0444B0F5F4E27A
SHA-256:	41D9FAE0274FD5117FF6968366D7282BBB1F19D15D2918BAE6D22CAC7FFA6FCB
SHA-512:	4D0B9E1BF620F2840E4E774ADB70B1FF24CE37DB779840ACDA5AA35C2653D6971AC73D4A54F301AFC233CBD23F254808D83CD849D95069D51A1E22C1477902F0
Malicious:	false
Reputation:	low
Preview:	........\ ..e.....h.....i./...j.;...k.J...l.U...n.]...o.b...p.o...r.u...s.....t.....v.....w.....y.....z.....\|.....}...........................................................................................J.....e.....%.....M...................................T.....V.....Z.............................n.......................a.................B...................................H.................=.....d...................................i.................^.................q.........................................4.......................j.......................#.................O...................................O.......................8.....................................................R.................H.....f...........o...........I.........................................\...........=...........9.....z.............................e........................... ....."._...%.....(.U...*.....+.....,.....-.......v.../.....0.....1.r...3.....4.....5.3...6.....7.....8.....9.....;.....<.-.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ml.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1160794
Entropy (8bit):	4.2876063802567455
Encrypted:	false
SSDEEP:
MD5:	51D8246A20ECD31506F970E80BDCE968
SHA1:	97647C4B1D6947A02DD86FDBDB0444B0F5F4E27A
SHA-256:	41D9FAE0274FD5117FF6968366D7282BBB1F19D15D2918BAE6D22CAC7FFA6FCB
SHA-512:	4D0B9E1BF620F2840E4E774ADB70B1FF24CE37DB779840ACDA5AA35C2653D6971AC73D4A54F301AFC233CBD23F254808D83CD849D95069D51A1E22C1477902F0
Malicious:	false
Reputation:	low
Preview:	........\ ..e.....h.....i./...j.;...k.J...l.U...n.]...o.b...p.o...r.u...s.....t.....v.....w.....y.....z.....\|.....}...........................................................................................J.....e.....%.....M...................................T.....V.....Z.............................n.......................a.................B...................................H.................=.....d...................................i.................^.................q.........................................4.......................j.......................#.................O...................................O.......................8.....................................................R.................H.....f...........o...........I.........................................\...........=...........9.....z.............................e........................... ....."._...%.....(.U...*.....+.....,.....-.......v.../.....0.....1.r...3.....4.....5.3...6.....7.....8.....9.....;.....<.-.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\mr.79DE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	953753
Entropy (8bit):	4.320132566780911
Encrypted:	false
SSDEEP:
MD5:	0E42BA3694F80A986556C1822A88BF6C
SHA1:	F0CC9FCE578BB694196A85690F0B93C18B183ACE
SHA-256:	67D0F642E59C55550B7BCE1F482F699B96A26D2657310CA5411A7AE535EC294B
SHA-512:	892C79CA822E341C9B5176440007716F4BEB04FF0AB86CE2F5CA4D5DF8A9BBE9EA1F3B2B1476962FC61527162D329101155B8BC36E702E97791FD4DA57000DD6
Malicious:	false
Reputation:	low
Preview:	......... 7.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.-...w.:...y.@...z.O...\|.U...}.g.....o.....t.....\|.....................................................%.....G.....i.......................7.....g.....y.................l...................................?.....m.......................".....g.......................(.....D.....Z.....y.................>.....q...............................................A.....y................./.....{.........................................8.....Q.......................L.....u.......................h.............................;.....n.....q...................................P.....W.....Z.....\.....o.....~.......................o.......................x.......................).....I.....R.....g.....v.......................Y.................L.................,.....;.....Z.....}..................... .....".#...%.w...(.....*.....+.....,.....-.N........./.....0.....1.^...3.u...4.....5.....6.W...7.....8.....9.....;.C...<.Z.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\mr.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	953753
Entropy (8bit):	4.320132566780911
Encrypted:	false
SSDEEP:
MD5:	0E42BA3694F80A986556C1822A88BF6C
SHA1:	F0CC9FCE578BB694196A85690F0B93C18B183ACE
SHA-256:	67D0F642E59C55550B7BCE1F482F699B96A26D2657310CA5411A7AE535EC294B
SHA-512:	892C79CA822E341C9B5176440007716F4BEB04FF0AB86CE2F5CA4D5DF8A9BBE9EA1F3B2B1476962FC61527162D329101155B8BC36E702E97791FD4DA57000DD6
Malicious:	false
Reputation:	low
Preview:	......... 7.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.-...w.:...y.@...z.O...\|.U...}.g.....o.....t.....\|.....................................................%.....G.....i.......................7.....g.....y.................l...................................?.....m.......................".....g.......................(.....D.....Z.....y.................>.....q...............................................A.....y................./.....{.........................................8.....Q.......................L.....u.......................h.............................;.....n.....q...................................P.....W.....Z.....\.....o.....~.......................o.......................x.......................).....I.....R.....g.....v.......................Y.................L.................,.....;.....Z.....}..................... .....".#...%.w...(.....*.....+.....,.....-.N........./.....0.....1.^...3.u...4.....5.....6.W...7.....8.....9.....;.C...<.Z.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ms.7A3C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	433502
Entropy (8bit):	5.231341105970049
Encrypted:	false
SSDEEP:
MD5:	0D8A7AED2465D64873B4C02BED6BAD80
SHA1:	DFEFE814C4E6E3D844D62F398B6C542BE11B5D81
SHA-256:	44D3884B0A2A2062FF49D035FDEFC3575B5A99FFB6F1817C0AA11DC151173650
SHA-512:	0E942CA4424C830B5E4BCF9685D93DF035CDD03BBA107F4D53BEAC6D3CF41653EC3182FC70E7B4DBFE944E1E62E22F4F1507EF6146C91DF0AC54CAF9A012B57B
Malicious:	false
Reputation:	low
Preview:	........R ..e.....h.....i.....j.....k.-...l.8...n.@...o.E...p.R...r.X...s.i...t.r...v.....w.....y.....z.....\|.....}.........................................................................,.....?.....S.....m.....r........................................._.....v.....x.....\|...............................................!.....=.....I.....W.....k.....x.................................................................%.....).....,.....7.....H.....W.....k................................................................. .....;.....B.....T.....................................................&.....1.....G.....[.....^.....r.........................................................................................L................................... .....B.....M....._.....j.....t.....\|.........................................%.....=.....k............................................. .....".....%.....(.....*.9...+.<...,.Z...-.k........./.....0.....1.....3.....4.....5.&...6.b...7.y...8.....9.....;...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ms.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	433502
Entropy (8bit):	5.231341105970049
Encrypted:	false
SSDEEP:
MD5:	0D8A7AED2465D64873B4C02BED6BAD80
SHA1:	DFEFE814C4E6E3D844D62F398B6C542BE11B5D81
SHA-256:	44D3884B0A2A2062FF49D035FDEFC3575B5A99FFB6F1817C0AA11DC151173650
SHA-512:	0E942CA4424C830B5E4BCF9685D93DF035CDD03BBA107F4D53BEAC6D3CF41653EC3182FC70E7B4DBFE944E1E62E22F4F1507EF6146C91DF0AC54CAF9A012B57B
Malicious:	false
Reputation:	low
Preview:	........R ..e.....h.....i.....j.....k.-...l.8...n.@...o.E...p.R...r.X...s.i...t.r...v.....w.....y.....z.....\|.....}.........................................................................,.....?.....S.....m.....r........................................._.....v.....x.....\|...............................................!.....=.....I.....W.....k.....x.................................................................%.....).....,.....7.....H.....W.....k................................................................. .....;.....B.....T.....................................................&.....1.....G.....[.....^.....r.........................................................................................L................................... .....B.....M....._.....j.....t.....\|.........................................%.....=.....k............................................. .....".....%.....(.....*.9...+.<...,.Z...-.k........./.....0.....1.....3.....4.....5.&...6.b...7.y...8.....9.....;...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\nb.7A6C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	424012
Entropy (8bit):	5.400196019290152
Encrypted:	false
SSDEEP:
MD5:	1E9C03568C8EF3C12632AF22DC642365
SHA1:	8717C82DA5BCEB3F355790B9A16D6179F8F3422B
SHA-256:	7277259292895EAE8B2FC4B974BFE041208D13FD9BAF22DE681B87BFEA9BB76E
SHA-512:	EC47FDFD37E30E029228060C5A2A8960C435DC5D6F36B643DB27D3EF65BF925AD972DA7FBE31BF5BE3101C2148125477234A788E20B834706F9EE6489FEAB439
Malicious:	false
Reputation:	low
Preview:	........= ..e.....h.....i.....j.....k.....l.....n.%...o....p.7...r.=...s.N...t.W...v.l...w.y...y.....z.....\|.....}.....................................................................................%.....8.....@.....~.........................................-...../.....3.....[.....o...........................................................+.....:.....@.....F.....U.....e.....t.................................................................).....>.....[.....t.............................................................................<.....G.....Q.....j.......................................................................$.....6.....F.....Z.....a.....d.....e.....l.....t...................................;.....?...............................................#.....'.....,.....=.....Z.....q...................................$.....(.....1.....>.....V.....a.....p... .u...".~...%.....(..........+.....,.....-.......5.../.F...0.K...1.z...3.....4.....5.....6.....7.....8.....9.2...;.B...<.J.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\nb.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	424012
Entropy (8bit):	5.400196019290152
Encrypted:	false
SSDEEP:
MD5:	1E9C03568C8EF3C12632AF22DC642365
SHA1:	8717C82DA5BCEB3F355790B9A16D6179F8F3422B
SHA-256:	7277259292895EAE8B2FC4B974BFE041208D13FD9BAF22DE681B87BFEA9BB76E
SHA-512:	EC47FDFD37E30E029228060C5A2A8960C435DC5D6F36B643DB27D3EF65BF925AD972DA7FBE31BF5BE3101C2148125477234A788E20B834706F9EE6489FEAB439
Malicious:	false
Reputation:	low
Preview:	........= ..e.....h.....i.....j.....k.....l.....n.%...o....p.7...r.=...s.N...t.W...v.l...w.y...y.....z.....\|.....}.....................................................................................%.....8.....@.....~.........................................-...../.....3.....[.....o...........................................................+.....:.....@.....F.....U.....e.....t.................................................................).....>.....[.....t.............................................................................<.....G.....Q.....j.......................................................................$.....6.....F.....Z.....a.....d.....e.....l.....t...................................;.....?...............................................#.....'.....,.....=.....Z.....q...................................$.....(.....1.....>.....V.....a.....p... .u...".~...%.....(..........+.....,.....-.......5.../.F...0.K...1.z...3.....4.....5.....6.....7.....8.....9.2...;.B...<.J.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\nl.7AAC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	437880
Entropy (8bit):	5.340609351145497
Encrypted:	false
SSDEEP:
MD5:	B62ABE8F42C1540EAB6CE7D249B666BE
SHA1:	76386DC4053E28350E1C91985D9B804508C00396
SHA-256:	7460F0F18ECF5305F5E622458C0AC31D9E4DC94922118B62428322D042BD3E44
SHA-512:	A9F12AD50B62B8F017B288A9956F8EEB961A549E002984F78AEBC040469D00B959E24A1EE3DC08DB9CA1CED05D84BACA800775B42ECC41593959723332EA758F
Malicious:	false
Reputation:	low
Preview:	........0 #.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.7...v.L...w.Y...y._...z.n...\|.t...}.................................................................................................(.....l.....u.....................................................,.....D.....`.....n.....~...............................................,.....1.....:.....I.....Y.....h...........................................................!.....6.....N.....r.................................................................,.....3.....H....................................................4.....B.....a.....d.....y.............................................................................,.....n.............................C.....[.................................................................6.....S.....h......................................................... .....".!...%.=...(.X....q...+.t...,.....-.........../.....0.....1.!...3.-...4.H...5.a...6.....7.....8.....9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\nl.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	437880
Entropy (8bit):	5.340609351145497
Encrypted:	false
SSDEEP:
MD5:	B62ABE8F42C1540EAB6CE7D249B666BE
SHA1:	76386DC4053E28350E1C91985D9B804508C00396
SHA-256:	7460F0F18ECF5305F5E622458C0AC31D9E4DC94922118B62428322D042BD3E44
SHA-512:	A9F12AD50B62B8F017B288A9956F8EEB961A549E002984F78AEBC040469D00B959E24A1EE3DC08DB9CA1CED05D84BACA800775B42ECC41593959723332EA758F
Malicious:	false
Reputation:	low
Preview:	........0 #.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.7...v.L...w.Y...y._...z.n...\|.t...}.................................................................................................(.....l.....u.....................................................,.....D.....`.....n.....~...............................................,.....1.....:.....I.....Y.....h...........................................................!.....6.....N.....r.................................................................,.....3.....H....................................................4.....B.....a.....d.....y.............................................................................,.....n.............................C.....[.................................................................6.....S.....h......................................................... .....".!...%.=...(.X....q...+.t...,.....-.........../.....0.....1.!...3.-...4.H...5.a...6.....7.....8.....9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\pl.7ADC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	488931
Entropy (8bit):	5.738189136777365
Encrypted:	false
SSDEEP:
MD5:	8893A9ED358CF6B629C7AB96E4FD93A5
SHA1:	4E4A5AECA3B2CC717592D165D7F985D34B291106
SHA-256:	6CCBE6AE573D18C65BCFABBB530AED54301B3FE0B6E69006F0AF4F4CA820E46F
SHA-512:	58B6D58C92EF54AEF0CDF6F942CE955C5DD480B83E454F080347869BC584FBBE0A3D290E81191F80EE1DA9EC9F1BEB53214D1FC9754DDBB0C9845835977D9FAE
Malicious:	false
Reputation:	low
Preview:	........> ..e.....h.....i.....j.....k.....l.....n.....o.$...p.1...r.7...s.H...t.Q...v.f...w.s...y.y...z.....\|.....}.....................................................................................+.....@.....I.........................................3.....H.....J.....N.....v...........................................................'.....@.....Q.....W.....].....p.......................................................................+.....@.....U.....q.......................................................................).....9.....r....................................................3.....C.....c.....f.....u...................................................................................`.......................O.....l.....................................................%.....J.....d...................................E.....L.....V.....m..................... .....".....%.....(..........+.....,.5...-.^........./.....0.....1.....3.....4.....5.%...6.\...7.u...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\pl.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	488931
Entropy (8bit):	5.738189136777365
Encrypted:	false
SSDEEP:
MD5:	8893A9ED358CF6B629C7AB96E4FD93A5
SHA1:	4E4A5AECA3B2CC717592D165D7F985D34B291106
SHA-256:	6CCBE6AE573D18C65BCFABBB530AED54301B3FE0B6E69006F0AF4F4CA820E46F
SHA-512:	58B6D58C92EF54AEF0CDF6F942CE955C5DD480B83E454F080347869BC584FBBE0A3D290E81191F80EE1DA9EC9F1BEB53214D1FC9754DDBB0C9845835977D9FAE
Malicious:	false
Reputation:	low
Preview:	........> ..e.....h.....i.....j.....k.....l.....n.....o.$...p.1...r.7...s.H...t.Q...v.f...w.s...y.y...z.....\|.....}.....................................................................................+.....@.....I.........................................3.....H.....J.....N.....v...........................................................'.....@.....Q.....W.....].....p.......................................................................+.....@.....U.....q.......................................................................).....9.....r....................................................3.....C.....c.....f.....u...................................................................................`.......................O.....l.....................................................%.....J.....d...................................E.....L.....V.....m..................... .....".....%.....(..........+.....,.5...-.^........./.....0.....1.....3.....4.....5.%...6.\...7.u...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\pt-7B1B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	460090
Entropy (8bit):	5.401096632054402
Encrypted:	false
SSDEEP:
MD5:	8127E90AD5FF5397E9297E32F68619C5
SHA1:	2454FBDBA84118505F50622820FB1948E0D9BCFE
SHA-256:	E7DE54015C1B148A093239300DAD1150E3CD5F008F1D09B4EF5A3116AD94CCF3
SHA-512:	7AC32A8D9139EADD8946463623CC44E15B4F7B171F9B3FF7601EDA0AD9A516303E9407D58E0011FD7C60157271BEE41D1C25C8191B37B36AE506FCFCDC0BF5C7
Malicious:	false
Reputation:	low
Preview:	........W ..e.....h.....i.%...j.1...k.@...l.K...n.S...o.X...p.e...r.k...s.\|...t.....v.....w.....y.....z.....\|.....}.........................................................................=.....O....._...............................................4.....W.....l.....n.....r.....................................................%.....>.....X.....x...............................................2.....8.....C.....S.....`.....d.....g.....n...............................................(...........6.....=.....C.....N.....\.....t.....~...................................).....K.....U.....e.....r................................................................. .....!..........3.....<.....C.....S.............................=.....R.....i.................................................................E.....h...............................................".....-.....:... .>...".Q...%.p...(..........+.....,.....-.........../.....0.....1.F...3.Y...4.}...5.....6.....7.....8.....9.....;.....<.'...=.3.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\pt-7B6A.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	462806
Entropy (8bit):	5.375478242639889
Encrypted:	false
SSDEEP:
MD5:	4C1FDF3B9594E1D40D8892E1C778E82C
SHA1:	8D748C9CC8FF7049C98057DE329E5D1F1A4FEAC3
SHA-256:	462C4AB54E1F5A604603A46BD940717B043774545E07170C025503D659606F3B
SHA-512:	3BABE493750F83599FFB532B0037F598F192424840808584996F61E564F1307142097883CA19EF68EE2E1176D3D16A93E84F0CF7E82DD5DA1107B454CEF62814
Malicious:	false
Reputation:	low
Preview:	........^ ..e.....h."...i.3...j.?...k.N...l.Y...n.a...o.f...p.s...r.y...s.....t.....v.....w.....y.....z.....\|.....}...................................................................#.....L....._.....p...............................................<.....d.....v.....x.....\|.....................................................3.....C.....V.....q.....................................................&.....1.....A.....N.....R.....U.....\.....u.........................................)...../.....7.....>.....D.....O.....].....s.....{...............................................P.....[.....k.....x.....................................................".....).....,.....-.....6.....?.....H.....O.....`.............................X.....l...........................................................+.....B.....o...................................#.....+.....7.....U.....].....j... .n...".....%.....(.....*.....+.....,.....-.......7.../.R...0.]...1.....3.....4.....5.....6.....7.B...8.X...9.g...;.{...<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\pt-BR.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	460090
Entropy (8bit):	5.401096632054402
Encrypted:	false
SSDEEP:
MD5:	8127E90AD5FF5397E9297E32F68619C5
SHA1:	2454FBDBA84118505F50622820FB1948E0D9BCFE
SHA-256:	E7DE54015C1B148A093239300DAD1150E3CD5F008F1D09B4EF5A3116AD94CCF3
SHA-512:	7AC32A8D9139EADD8946463623CC44E15B4F7B171F9B3FF7601EDA0AD9A516303E9407D58E0011FD7C60157271BEE41D1C25C8191B37B36AE506FCFCDC0BF5C7
Malicious:	false
Reputation:	low
Preview:	........W ..e.....h.....i.%...j.1...k.@...l.K...n.S...o.X...p.e...r.k...s.\|...t.....v.....w.....y.....z.....\|.....}.........................................................................=.....O....._...............................................4.....W.....l.....n.....r.....................................................%.....>.....X.....x...............................................2.....8.....C.....S.....`.....d.....g.....n...............................................(...........6.....=.....C.....N.....\.....t.....~...................................).....K.....U.....e.....r................................................................. .....!..........3.....<.....C.....S.............................=.....R.....i.................................................................E.....h...............................................".....-.....:... .>...".Q...%.p...(..........+.....,.....-.........../.....0.....1.F...3.Y...4.}...5.....6.....7.....8.....9.....;.....<.'...=.3.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\pt-PT.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	462806
Entropy (8bit):	5.375478242639889
Encrypted:	false
SSDEEP:
MD5:	4C1FDF3B9594E1D40D8892E1C778E82C
SHA1:	8D748C9CC8FF7049C98057DE329E5D1F1A4FEAC3
SHA-256:	462C4AB54E1F5A604603A46BD940717B043774545E07170C025503D659606F3B
SHA-512:	3BABE493750F83599FFB532B0037F598F192424840808584996F61E564F1307142097883CA19EF68EE2E1176D3D16A93E84F0CF7E82DD5DA1107B454CEF62814
Malicious:	false
Reputation:	low
Preview:	........^ ..e.....h."...i.3...j.?...k.N...l.Y...n.a...o.f...p.s...r.y...s.....t.....v.....w.....y.....z.....\|.....}...................................................................#.....L....._.....p...............................................<.....d.....v.....x.....\|.....................................................3.....C.....V.....q.....................................................&.....1.....A.....N.....R.....U.....\.....u.........................................)...../.....7.....>.....D.....O.....].....s.....{...............................................P.....[.....k.....x.....................................................".....).....,.....-.....6.....?.....H.....O.....`.............................X.....l...........................................................+.....B.....o...................................#.....+.....7.....U.....].....j... .n...".....%.....(.....*.....+.....,.....-.......7.../.R...0.]...1.....3.....4.....5.....6.....7.B...8.X...9.g...;.{...<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ro.7BB9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	476228
Entropy (8bit):	5.4388080726935835
Encrypted:	false
SSDEEP:
MD5:	0360F9B184717DA0D946E30FB5599237
SHA1:	25B2A0201E3D8057D8672017585A452FF4AC19EE
SHA-256:	BCB143FEF1281D33B2B2CDD29D3A1D18DEBA7D7F004B490C2DAEBAB5CE2E0E33
SHA-512:	78C57D3949225BD589A9919E5784DCFEF260196A87442A5C28107BF457A5D07B62FF6F9CB2D36F8294E390DBBFA5E1A2E70A8CE01027D59992BDB025E7BC38B6
Malicious:	false
Reputation:	low
Preview:	........< ..e.....h.....i.....j.....k.....l.....n.....o. ...p.-...r.3...s.D...t.M...v.b...w.o...y.u...z.....\|.....}...............................................................................$.....0.....>.....I.........................................'.....9.....;.....?.....g.....................................................-.....@.....b.....y.........................................$.....-.....G.....c.....g.....r.....z.............................".....P.....s.................................................................".....1.....?.....`.....p.........................................#.....&.....7.....I.....\.....w.................................................................:.......................<.....Q.....g...................................................../.....F.....t.............................8.....?.....J.....a..................... .....".....%.....(.....*.....+.....,.)...-.C.....i.../.....0.....1.....3.....4.....5.....6.K...7.`...8.w...9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ro.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	476228
Entropy (8bit):	5.4388080726935835
Encrypted:	false
SSDEEP:
MD5:	0360F9B184717DA0D946E30FB5599237
SHA1:	25B2A0201E3D8057D8672017585A452FF4AC19EE
SHA-256:	BCB143FEF1281D33B2B2CDD29D3A1D18DEBA7D7F004B490C2DAEBAB5CE2E0E33
SHA-512:	78C57D3949225BD589A9919E5784DCFEF260196A87442A5C28107BF457A5D07B62FF6F9CB2D36F8294E390DBBFA5E1A2E70A8CE01027D59992BDB025E7BC38B6
Malicious:	false
Reputation:	low
Preview:	........< ..e.....h.....i.....j.....k.....l.....n.....o. ...p.-...r.3...s.D...t.M...v.b...w.o...y.u...z.....\|.....}...............................................................................$.....0.....>.....I.........................................'.....9.....;.....?.....g.....................................................-.....@.....b.....y.........................................$.....-.....G.....c.....g.....r.....z.............................".....P.....s.................................................................".....1.....?.....`.....p.........................................#.....&.....7.....I.....\.....w.................................................................:.......................<.....Q.....g...................................................../.....F.....t.............................8.....?.....J.....a..................... .....".....%.....(.....*.....+.....,.)...-.C.....i.../.....0.....1.....3.....4.....5.....6.K...7.`...8.w...9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ru.7BF9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	775374
Entropy (8bit):	4.861953393187702
Encrypted:	false
SSDEEP:
MD5:	4B4C20D75C5BC535BD4B3118D0BDCEAD
SHA1:	5AE489849D552738EFE82821255F283DA60AE231
SHA-256:	3EC6C54CFB23C164A5C8AEB9522C7B85E3E1E6D3114ABAA9AE6821CF8D1F6742
SHA-512:	352131919B6CD5CB9C613D8A61A7F3DAA08812088B7EA91B5B87CCF3323DF4EB27B04C9982A4A22E9EEC37FBC339ED7A7F9D6EDDC01F809E7878FC97050453CF
Malicious:	false
Reputation:	low
Preview:	............e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.'...v.<...w.I...y.O...z.^...\|.d...}.v.....~.......................................................................).....F.....^.....u.................).....3.....=.....~...................................+.....c.....o........................................S.........................................{.....................................................A.....Z.....u.......................>....._.....m.....u.........................................0.....~............................Y.....z...................................1.....T.....r...........................................................0...........7.................O.....v.......................,.....K....._.....t.......................!.......................5...................................$.....5.....D... .R...".q...%.....(.....*.;...+.>...,.\...-.y........./.....0.....1.c...3.z...4.....5.....6.T...7.x...8.....9.....;.....<.....=.....>.>...?.M.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ru.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	775374
Entropy (8bit):	4.861953393187702
Encrypted:	false
SSDEEP:
MD5:	4B4C20D75C5BC535BD4B3118D0BDCEAD
SHA1:	5AE489849D552738EFE82821255F283DA60AE231
SHA-256:	3EC6C54CFB23C164A5C8AEB9522C7B85E3E1E6D3114ABAA9AE6821CF8D1F6742
SHA-512:	352131919B6CD5CB9C613D8A61A7F3DAA08812088B7EA91B5B87CCF3323DF4EB27B04C9982A4A22E9EEC37FBC339ED7A7F9D6EDDC01F809E7878FC97050453CF
Malicious:	false
Reputation:	low
Preview:	............e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.'...v.<...w.I...y.O...z.^...\|.d...}.v.....~.......................................................................).....F.....^.....u.................).....3.....=.....~...................................+.....c.....o........................................S.........................................{.....................................................A.....Z.....u.......................>....._.....m.....u.........................................0.....~............................Y.....z...................................1.....T.....r...........................................................0...........7.................O.....v.......................,.....K....._.....t.......................!.......................5...................................$.....5.....D... .R...".q...%.....(.....*.;...+.>...,.\...-.y........./.....0.....1.c...3.z...4.....5.....6.T...7.x...8.....9.....;.....<.....=.....>.>...?.M.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sk.7C48.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	491505
Entropy (8bit):	5.790778086303505
Encrypted:	false
SSDEEP:
MD5:	1AEE3EB4F562B25CA1D7070C8F7AE54C
SHA1:	E21A6F8DA52D1E8A574D2884C47937198C63F980
SHA-256:	13FE23828A3CB7C172E7A0B61FB5D0DCDED03D924BFC1190A2D9D1705AB50651
SHA-512:	21C1F68F1AD43045CE0E4E8A0CED65E29427A7DF3A41423DE8B7A23524793CA339FD4C68BC6CE469146AF79780A04573A1531BE230CB67691A65890F92D953FE
Malicious:	false
Reputation:	low
Preview:	........F ..e.....h.....i.....j.....k.!...l.,...n.4...o.9...p.F...r.L...s.]...t.f...v.{...w.....y.....z.....\|.....}.........................................................................'.....;.....C.....U.....`...................................-.....c.....x.....z.....~...............................................".....T.....b.....r...................................................../.....7.....D.....T.....Z.....h.....s.....................................................6.....>.....E.....M.....^.....m.........................................&.....N.....s.....}...........................................................%.....;.....B.....E.....F.....T.....b.....j.....v.................0.....z.............................V.....f.....................................................0.....S.....u...................................$.....>.....H.....W... .a...".u...%.....(.....*.....+.....,.....-.......4.../.M...0.W...1.....3.....4.....5.....6.....7.%...8.<...9.T...;.e...<.q...=.\|...>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sk.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	491505
Entropy (8bit):	5.790778086303505
Encrypted:	false
SSDEEP:
MD5:	1AEE3EB4F562B25CA1D7070C8F7AE54C
SHA1:	E21A6F8DA52D1E8A574D2884C47937198C63F980
SHA-256:	13FE23828A3CB7C172E7A0B61FB5D0DCDED03D924BFC1190A2D9D1705AB50651
SHA-512:	21C1F68F1AD43045CE0E4E8A0CED65E29427A7DF3A41423DE8B7A23524793CA339FD4C68BC6CE469146AF79780A04573A1531BE230CB67691A65890F92D953FE
Malicious:	false
Reputation:	low
Preview:	........F ..e.....h.....i.....j.....k.!...l.,...n.4...o.9...p.F...r.L...s.]...t.f...v.{...w.....y.....z.....\|.....}.........................................................................'.....;.....C.....U.....`...................................-.....c.....x.....z.....~...............................................".....T.....b.....r...................................................../.....7.....D.....T.....Z.....h.....s.....................................................6.....>.....E.....M.....^.....m.........................................&.....N.....s.....}...........................................................%.....;.....B.....E.....F.....T.....b.....j.....v.................0.....z.............................V.....f.....................................................0.....S.....u...................................$.....>.....H.....W... .a...".u...%.....(.....*.....+.....,.....-.......4.../.M...0.W...1.....3.....4.....5.....6.....7.%...8.<...9.T...;.e...<.q...=.\|...>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sl.7CA7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	472257
Entropy (8bit):	5.463731267253857
Encrypted:	false
SSDEEP:
MD5:	F444D22F95DE662CEDA686A676AC605D
SHA1:	B134E02920A937C42E9545AE9B1678A58837071C
SHA-256:	E7855232869606767C2F46185AFA666B50D6B62DD5B6019B30BC7DE7129F8043
SHA-512:	1F9381EC33DD8408D44E17C24773C685CC365C198588AA8AFEED0F70ED5389D9010AD2897BDA25D1B199E8ECA5EFB454B9D5245B7609F020E1DDB5F116561C27
Malicious:	false
Reputation:	low
Preview:	........, '.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.$...t.-...v.B...w.O...y.U...z.d...\|.j...}.\|.....................................................................................................`.....p.............................!.....4.....6.....:.....b.................................................................#.....0.....8.....A.....P.....d.....s.................................................................&.....?.....Y.....y.....................................................,.....?.....J.....Z...............................................(.....7.....C.....R.....l.....q.........................................................................................a.......................B.....e...........................................................A.....Y...................................0.....7.....>.....K.....f.....r......... .....".....%.....(.....*.....+.....,.....-.@.....^.../.{...0.....1.....3.....4.....5.....6.0...7.H...8.c...9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sl.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	472257
Entropy (8bit):	5.463731267253857
Encrypted:	false
SSDEEP:
MD5:	F444D22F95DE662CEDA686A676AC605D
SHA1:	B134E02920A937C42E9545AE9B1678A58837071C
SHA-256:	E7855232869606767C2F46185AFA666B50D6B62DD5B6019B30BC7DE7129F8043
SHA-512:	1F9381EC33DD8408D44E17C24773C685CC365C198588AA8AFEED0F70ED5389D9010AD2897BDA25D1B199E8ECA5EFB454B9D5245B7609F020E1DDB5F116561C27
Malicious:	false
Reputation:	low
Preview:	........, '.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.$...t.-...v.B...w.O...y.U...z.d...\|.j...}.\|.....................................................................................................`.....p.............................!.....4.....6.....:.....b.................................................................#.....0.....8.....A.....P.....d.....s.................................................................&.....?.....Y.....y.....................................................,.....?.....J.....Z...............................................(.....7.....C.....R.....l.....q.........................................................................................a.......................B.....e...........................................................A.....Y...................................0.....7.....>.....K.....f.....r......... .....".....%.....(.....*.....+.....,.....-.@.....^.../.{...0.....1.....3.....4.....5.....6.0...7.H...8.c...9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sr.7CE6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	727063
Entropy (8bit):	4.787323128649208
Encrypted:	false
SSDEEP:
MD5:	97857E558E2050BD1BB0DAE13356050C
SHA1:	A8C3A1252718FE8DFB3FE041B44B5DA77C610B6A
SHA-256:	29DBA0CEEB9FD0F28D82E5953C53478437477AF936AE1981ECED8ED581FC65EA
SHA-512:	7BCC7DA8B9E1BD45E6A84700AC253100F5CE2A3C3F170619AF4DD51909F9D413E80254CB55898442B5F18F9C0597BDF474A973477C79D72C8B26A634B6467139
Malicious:	false
Reputation:	low
Preview:	........T ..e.....h.....i.....j.+...k.:...l.E...n.M...o.R...p._...r.e...s.v...t.....v.....w.....y.....z.....\|.....}.........................................................................[.............................P.....k.......................'.........................................O.....].....n...................................'.....].........................................c.....................................................$.....H.....h.......................7.....W.....e.....m.....t.........................................t.............................$.....^.........................................&.....G.....j.................................................................'...........W...................................&.....?.....k.....y...................................J.......................;...................................#.....8.....G... .[...".....%.....(.....*.!...+.$...,.B...-.j........./.....0.....1.=...3.T...4.....5.....6.-...7.U...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sr.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	727063
Entropy (8bit):	4.787323128649208
Encrypted:	false
SSDEEP:
MD5:	97857E558E2050BD1BB0DAE13356050C
SHA1:	A8C3A1252718FE8DFB3FE041B44B5DA77C610B6A
SHA-256:	29DBA0CEEB9FD0F28D82E5953C53478437477AF936AE1981ECED8ED581FC65EA
SHA-512:	7BCC7DA8B9E1BD45E6A84700AC253100F5CE2A3C3F170619AF4DD51909F9D413E80254CB55898442B5F18F9C0597BDF474A973477C79D72C8B26A634B6467139
Malicious:	false
Reputation:	low
Preview:	........T ..e.....h.....i.....j.+...k.:...l.E...n.M...o.R...p._...r.e...s.v...t.....v.....w.....y.....z.....\|.....}.........................................................................[.............................P.....k.......................'.........................................O.....].....n...................................'.....].........................................c.....................................................$.....H.....h.......................7.....W.....e.....m.....t.........................................t.............................$.....^.........................................&.....G.....j.................................................................'...........W...................................&.....?.....k.....y...................................J.......................;...................................#.....8.....G... .[...".....%.....(.....*.!...+.$...,.B...-.j........./.....0.....1.=...3.T...4.....5.....6.-...7.U...8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sv.7D35.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	427582
Entropy (8bit):	5.512265941044363
Encrypted:	false
SSDEEP:
MD5:	BEEF910D2973F18830B8671A6805EB5A
SHA1:	A451C1280DB47AC7469715C7BD2AE14733C5A000
SHA-256:	210B43F6B5A953FEDB3C97AD539F62014450675240E4361C2120C3B8822FDB50
SHA-512:	1DAFBAEA8DBCCB1DD15EAF5977FA609241744A236E952CE6D8D5B5BC1559B6EDD4464A7B00DBC93637FFEA1111F3876A799E9892CA1B37E82FC4B7343FCD4E64
Malicious:	false
Reputation:	low
Preview:	......... 6.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.&...w.3...y.9...z.H...\|.N...}.`.....h.....m.....u.....}.............................................................................J.....S.....n.....v.........................................$.....=.....U.....[.....k.....\|........................................................... ...../.....7.....o.......................................................................6.....W.....{.......................................................................D.....L.....W.....o.................................................................-.....:.....L.....].....z...........................................................>.....x................................... .....1.....:.....B.....D.....J.....\.....}.............................%.....O.....i.....o.....y........................... .....".....%.....(.....*.....+. ...,.>...-.J.....s.../.....0.....1.....3.....4.....5.....6.K...7.]...8.m...9.\|...;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sv.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	427582
Entropy (8bit):	5.512265941044363
Encrypted:	false
SSDEEP:
MD5:	BEEF910D2973F18830B8671A6805EB5A
SHA1:	A451C1280DB47AC7469715C7BD2AE14733C5A000
SHA-256:	210B43F6B5A953FEDB3C97AD539F62014450675240E4361C2120C3B8822FDB50
SHA-512:	1DAFBAEA8DBCCB1DD15EAF5977FA609241744A236E952CE6D8D5B5BC1559B6EDD4464A7B00DBC93637FFEA1111F3876A799E9892CA1B37E82FC4B7343FCD4E64
Malicious:	false
Reputation:	low
Preview:	......... 6.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.&...w.3...y.9...z.H...\|.N...}.`.....h.....m.....u.....}.............................................................................J.....S.....n.....v.........................................$.....=.....U.....[.....k.....\|........................................................... ...../.....7.....o.......................................................................6.....W.....{.......................................................................D.....L.....W.....o.................................................................-.....:.....L.....].....z...........................................................>.....x................................... .....1.....:.....B.....D.....J.....\.....}.............................%.....O.....i.....o.....y........................... .....".....%.....(.....*.....+. ...,.>...-.J.....s.../.....0.....1.....3.....4.....5.....6.K...7.]...8.m...9.\|...;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sw.7D75.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	448511
Entropy (8bit):	5.318210034114134
Encrypted:	false
SSDEEP:
MD5:	4511187811C90A1A8EEAE8E9428B0112
SHA1:	F7F4BCE27C5E68BCF5D3CBD840963F2B2BCDA36F
SHA-256:	F646CB08B5B697D45EF7013F5ED5C11047CD396E9FB4FD888C89F016E824334F
SHA-512:	D5FAB8F1AAC68128D813919558D041334E11F4A3F5C2A33DA7990BA792D5868650A5715E730C7F0EADFC624F0365355CA2AC457C63DD69A2A1559517DF1CB45B
Malicious:	false
Reputation:	low
Preview:	........K ..e.....h.....i.....j.....k."...l.-...n.5...o.:...p.G...r.M...s.^...t.g...v.\|...w.....y.....z.....\|.....}...............................................................................-.....=.....Q.....]........................................./.....F.....H.....L.....t.....................................................#...........K.....\.....f.....l.....................................................&..........-.....2.....C.....].....u.....................................................&.....3.....D.....f.....m.........................................E.....r.....\|.....................................................&.....<.....L.....S.....V.....W.....d.....k.....p.....w.....~.............................$.....].....u...........................................................&.....D.....s...............................................6.....V.....a.....n... .v...".....%.....(..........+.....,.....-.!.....I.../.^...0.a...1.....3.....4.....5.....6.....7.5...8.Q...9.[...;.j.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\sw.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	448511
Entropy (8bit):	5.318210034114134
Encrypted:	false
SSDEEP:
MD5:	4511187811C90A1A8EEAE8E9428B0112
SHA1:	F7F4BCE27C5E68BCF5D3CBD840963F2B2BCDA36F
SHA-256:	F646CB08B5B697D45EF7013F5ED5C11047CD396E9FB4FD888C89F016E824334F
SHA-512:	D5FAB8F1AAC68128D813919558D041334E11F4A3F5C2A33DA7990BA792D5868650A5715E730C7F0EADFC624F0365355CA2AC457C63DD69A2A1559517DF1CB45B
Malicious:	false
Reputation:	low
Preview:	........K ..e.....h.....i.....j.....k."...l.-...n.5...o.:...p.G...r.M...s.^...t.g...v.\|...w.....y.....z.....\|.....}...............................................................................-.....=.....Q.....]........................................./.....F.....H.....L.....t.....................................................#...........K.....\.....f.....l.....................................................&..........-.....2.....C.....].....u.....................................................&.....3.....D.....f.....m.........................................E.....r.....\|.....................................................&.....<.....L.....S.....V.....W.....d.....k.....p.....w.....~.............................$.....].....u...........................................................&.....D.....s...............................................6.....V.....a.....n... .v...".....%.....(..........+.....,.....-.!.....I.../.^...0.a...1.....3.....4.....5.....6.....7.5...8.Q...9.[...;.j.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ta.7DC4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1150585
Entropy (8bit):	4.06659508429348
Encrypted:	false
SSDEEP:
MD5:	7B2975F1B7FE5BF6CA9F89F6689737D2
SHA1:	4FFE2DFBD217A66DB7A359637D8863E93E4B7029
SHA-256:	5D3ECB652601CFF2E87EEE3E8DC87709FD236E1594AD790B5263837AAD2697B0
SHA-512:	E5F9A3AE67E2D6CE9B4568820E0AE3A469DB704179CFE85D25A5821A276CDCBA3C1478322C1BAE4E2819952196F70E9E8EB116F666647188B6E529293526BD5A
Malicious:	false
Reputation:	low
Preview:	......... 7.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.$...w.1...y.7...z.F...\|.L...}.^.....f.....k.....s.....{...............................................9.....g...................................1.....F.....U...........A...................................y....................... .....o.......................d.............................).....K...........@.....X...................................,.....d.......................m.................A.....M.....U.....\.....z.................$.....?.....g.......................3.....z...........o............................k.....n.................%.....X...............................................%.....8.....y.....W.................................................................?.....W.....c.................G...........N................._.............................C.....g.....t... .....".....%. ...(..........+.....,.....-.J........./.....0.....1.\|...3.....4.....5.....6.!...7.d...8.....9.....;.....<.N.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ta.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1150585
Entropy (8bit):	4.06659508429348
Encrypted:	false
SSDEEP:
MD5:	7B2975F1B7FE5BF6CA9F89F6689737D2
SHA1:	4FFE2DFBD217A66DB7A359637D8863E93E4B7029
SHA-256:	5D3ECB652601CFF2E87EEE3E8DC87709FD236E1594AD790B5263837AAD2697B0
SHA-512:	E5F9A3AE67E2D6CE9B4568820E0AE3A469DB704179CFE85D25A5821A276CDCBA3C1478322C1BAE4E2819952196F70E9E8EB116F666647188B6E529293526BD5A
Malicious:	false
Reputation:	low
Preview:	......... 7.e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.$...w.1...y.7...z.F...\|.L...}.^.....f.....k.....s.....{...............................................9.....g...................................1.....F.....U...........A...................................y....................... .....o.......................d.............................).....K...........@.....X...................................,.....d.......................m.................A.....M.....U.....\.....z.................$.....?.....g.......................3.....z...........o............................k.....n.................%.....X...............................................%.....8.....y.....W.................................................................?.....W.....c.................G...........N................._.............................C.....g.....t... .....".....%. ...(..........+.....,.....-.J........./.....0.....1.\|...3.....4.....5.....6.!...7.d...8.....9.....;.....<.N.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\te.7E23.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1062188
Entropy (8bit):	4.320784073898087
Encrypted:	false
SSDEEP:
MD5:	49CBF0682F97E05C22680D01FEBE9407
SHA1:	562A9328929132167CAEB26FFAC501A7FAE628A3
SHA-256:	E6B69D375A93C569D60699B29FF4D84C36CA399112DB83648735004631BA15C9
SHA-512:	704FFEF52F1425650DC077BCBE26B83D1EE639EFD5EE7E2F73F64A3EA455164F71B7058525C1E394795AA47B3D9BF2409A2A77A9029D9168D42F1730FDEC122B
Malicious:	false
Reputation:	low
Preview:	........c ..e.$...h.,...i.F...j.R...k.a...l.l...n.t...o.y...p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.....................................!.....(...../.....0.....1.....6.................!.....^.....v.....7.....V.......................]...........D.....F.....R.....z.......................B.......................N.....p...........4.....e.............................!.......................<...................................N.................L.....................................................&.....H.......................].........................................).....`.....\|....................... .....B.....d.........................................@.....g...................................G.......................+.....s.................G.....S.............................d...........Q.................b...........W.....c.......................9.....F... .X...".}...%.....(.;...*.....+.....,.....-.......,.../.....0.....1.8...3.[...4.....5.....6.d...7.....8.....9.9...;.f.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\te.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	1062188
Entropy (8bit):	4.320784073898087
Encrypted:	false
SSDEEP:
MD5:	49CBF0682F97E05C22680D01FEBE9407
SHA1:	562A9328929132167CAEB26FFAC501A7FAE628A3
SHA-256:	E6B69D375A93C569D60699B29FF4D84C36CA399112DB83648735004631BA15C9
SHA-512:	704FFEF52F1425650DC077BCBE26B83D1EE639EFD5EE7E2F73F64A3EA455164F71B7058525C1E394795AA47B3D9BF2409A2A77A9029D9168D42F1730FDEC122B
Malicious:	false
Reputation:	low
Preview:	........c ..e.$...h.,...i.F...j.R...k.a...l.l...n.t...o.y...p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.....................................!.....(...../.....0.....1.....6.................!.....^.....v.....7.....V.......................]...........D.....F.....R.....z.......................B.......................N.....p...........4.....e.............................!.......................<...................................N.................L.....................................................&.....H.......................].........................................).....`.....\|....................... .....B.....d.........................................@.....g...................................G.......................+.....s.................G.....S.............................d...........Q.................b...........W.....c.......................9.....F... .X...".}...%.....(.;...*.....+.....,.....-.......,.../.....0.....1.8...3.[...4.....5.....6.d...7.....8.....9.9...;.f.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\th.7E82.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	893578
Entropy (8bit):	4.371268282487212
Encrypted:	false
SSDEEP:
MD5:	8A043D9F2AEB8A90F514865649723BF4
SHA1:	2F30D7EC5B91D1B8B77B4FD35E559D57EC47DB2B
SHA-256:	92CF42A5AD5DFB72AA355FBC62BFDD3148B20921473C2B2B392A89246E94A3BC
SHA-512:	005820ED8A8008A254ACC6C290EA212DBDD12654ADE117FC67F81510E42A7FD40C34C63EB6894412C12E1DF1D395852A5C04377D6917BE28873CD14685D53EA2
Malicious:	false
Reputation:	low
Preview:	............e.v...h.~...i.....j.....k.....l.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}......2.....7.....?.....J.....R.....W....._.....f.....m.....t.....v.....{.......................h.................).....i.......................K...................................$.....6.....].............................'.....E.............................).....}.........../.....\.....h...............................................B.....o.......................D.....W.....`.....h.....o.....~.............................?.......................D.....h.......................O.....g.................................../.....L.....s.....z.....}...........................................................9.....c...........5.....M.....n...................................d.......................J.................<.....E.....Z........................... .....".....%.S...(..........+.....,.....-.0........./.....0.....1.T...3.....4.....5.....6.....7.....8.....9.....;.0...<.I...=.n...>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\th.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	893578
Entropy (8bit):	4.371268282487212
Encrypted:	false
SSDEEP:
MD5:	8A043D9F2AEB8A90F514865649723BF4
SHA1:	2F30D7EC5B91D1B8B77B4FD35E559D57EC47DB2B
SHA-256:	92CF42A5AD5DFB72AA355FBC62BFDD3148B20921473C2B2B392A89246E94A3BC
SHA-512:	005820ED8A8008A254ACC6C290EA212DBDD12654ADE117FC67F81510E42A7FD40C34C63EB6894412C12E1DF1D395852A5C04377D6917BE28873CD14685D53EA2
Malicious:	false
Reputation:	low
Preview:	............e.v...h.~...i.....j.....k.....l.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}......2.....7.....?.....J.....R.....W....._.....f.....m.....t.....v.....{.......................h.................).....i.......................K...................................$.....6.....].............................'.....E.............................).....}.........../.....\.....h...............................................B.....o.......................D.....W.....`.....h.....o.....~.............................?.......................D.....h.......................O.....g.................................../.....L.....s.....z.....}...........................................................9.....c...........5.....M.....n...................................d.......................J.................<.....E.....Z........................... .....".....%.S...(..........+.....,.....-.0........./.....0.....1.T...3.....4.....5.....6.....7.....8.....9.....;.0...<.I...=.n...>...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\tr.7ED1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	456726
Entropy (8bit):	5.5909729125343794
Encrypted:	false
SSDEEP:
MD5:	B76FF64E1861621917865492DB1FBF7F
SHA1:	C36F5CF1253A3EC2F22D4511B19DDF58BD513361
SHA-256:	4C5FCD0F762C0DB291E31725EC6F956D6EC0FA9851226B1507ACD2047490E9E4
SHA-512:	59986AF8A57927A2949543C75D97E4DE51E4F89310A73D3808AD48DEBAE6D003BD6B60D66569F86FA7C024A2BFDDF0ACECF7E60FCC4BA9F68A4117C6A774B2E0
Malicious:	false
Reputation:	low
Preview:	........f ..e....h.2...i.C...j.M...k.\...l.g...n.o...o.t...p.....r.....s.....t.....v.....w.....y.....z.....\|.....}...........................................#..........+.....,...........i.........................................:.....G.....[.....y.........................................!.....(.....=.....P.....Z.....s...........................................................,.....e.....}.......................................................................1.....I.....c.....q.....v.....~...............................................!...........J.....Y.................................................................1.....H.....a.....q.....x.....{.....\|...............................................?.....~........................................:.....C.....M.....V.....].....v............................./.....W................................................... .....".....%....(.@...*.^...+.a...,.....-.........../.....0.....1.....3.$...4.:...5.]...6.....7.....8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\tr.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	456726
Entropy (8bit):	5.5909729125343794
Encrypted:	false
SSDEEP:
MD5:	B76FF64E1861621917865492DB1FBF7F
SHA1:	C36F5CF1253A3EC2F22D4511B19DDF58BD513361
SHA-256:	4C5FCD0F762C0DB291E31725EC6F956D6EC0FA9851226B1507ACD2047490E9E4
SHA-512:	59986AF8A57927A2949543C75D97E4DE51E4F89310A73D3808AD48DEBAE6D003BD6B60D66569F86FA7C024A2BFDDF0ACECF7E60FCC4BA9F68A4117C6A774B2E0
Malicious:	false
Reputation:	low
Preview:	........f ..e....h.2...i.C...j.M...k.\...l.g...n.o...o.t...p.....r.....s.....t.....v.....w.....y.....z.....\|.....}...........................................#..........+.....,...........i.........................................:.....G.....[.....y.........................................!.....(.....=.....P.....Z.....s...........................................................,.....e.....}.......................................................................1.....I.....c.....q.....v.....~...............................................!...........J.....Y.................................................................1.....H.....a.....q.....x.....{.....\|...............................................?.....~........................................:.....C.....M.....V.....].....v............................./.....W................................................... .....".....%....(.@...*.^...+.a...,.....-.........../.....0.....1.....3.$...4.:...5.]...6.....7.....8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\uk.7F10.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	777266
Entropy (8bit):	4.892340554554397
Encrypted:	false
SSDEEP:
MD5:	5C3174DBF04091962CD0D993B921ACEB
SHA1:	687E2FB1B72DA523470B5B448CB1DC892216C107
SHA-256:	CF76BFE9C309569F05BDBC92F0E5DC9DB1A59FFC4DAB69F3D67C7AC723E2B772
SHA-512:	6A44D1542060A63207CA5094482B3A59044A44D2E0860E814765CF45A94FEF3ACD4F488BA22B2172245466479BDE1D952DBA51291D67A566047910D3CDDD77FF
Malicious:	false
Reputation:	low
Preview:	..........[.e.N...h.V...i.g...j.s...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.............#.....+.....3.....;.....B.....I.....P.....Q.....R.....W.............................6...................................K..................................E.....{...................................1.....@.....k...................................%.....9.....................................................'.....S.....l.............................I.....j.....x.........................................$.....=.............................,.....[.....k.........................................8.....a...........................................................%.....;...........Q.................p......................H.....{...................................:.....i.................!.....\..................................Z.....k.....z... .....".....%.....(."....o...+.r...,.....-.......).../.W...0.i...1.....3.....4.....5.N...6.....7.....8.....9.....;.....<.2...=.F.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\uk.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	777266
Entropy (8bit):	4.892340554554397
Encrypted:	false
SSDEEP:
MD5:	5C3174DBF04091962CD0D993B921ACEB
SHA1:	687E2FB1B72DA523470B5B448CB1DC892216C107
SHA-256:	CF76BFE9C309569F05BDBC92F0E5DC9DB1A59FFC4DAB69F3D67C7AC723E2B772
SHA-512:	6A44D1542060A63207CA5094482B3A59044A44D2E0860E814765CF45A94FEF3ACD4F488BA22B2172245466479BDE1D952DBA51291D67A566047910D3CDDD77FF
Malicious:	false
Reputation:	low
Preview:	..........[.e.N...h.V...i.g...j.s...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.............#.....+.....3.....;.....B.....I.....P.....Q.....R.....W.............................6...................................K..................................E.....{...................................1.....@.....k...................................%.....9.....................................................'.....S.....l.............................I.....j.....x.........................................$.....=.............................,.....[.....k.........................................8.....a...........................................................%.....;...........Q.................p......................H.....{...................................:.....i.................!.....\..................................Z.....k.....z... .....".....%.....(."....o...+.r...,.....-.......).../.W...0.i...1.....3.....4.....5.N...6.....7.....8.....9.....;.....<.2...=.F.

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\vi.7F5F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	541967
Entropy (8bit):	5.784202725403951
Encrypted:	false
SSDEEP:
MD5:	87E136C4DB9F2CF009B73682DDC6D304
SHA1:	933911CDC14C9822BC7A33A4686EF83CC5DEBD4C
SHA-256:	1671D72DDCEE749D1F1735611B43178FDCC470EEF16C1D554A834F8A42F0A713
SHA-512:	11C742EF12F7B4AE8F1940D3984EBB53659B9D530DD9B44DD8E1E051C3811A60C547B47684B1E390E230AE6BFDFDF579BDD7A66E09FA8742E3BEA5EC6AE15FFD
Malicious:	false
Reputation:	low
Preview:	..........].e.J...h.R...i.l...j.x...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.......#.....(.....0.....8.....@.....G.....N.....U.....V.....W.....Y.....\|.............................5.....>.....e.....q.....{...................................9.....N.....r.....\|.........................................).....I.....e.....i.....n...........................................................".....%.....).....D.....b.....x.........................................".....)...........M....._................................... .....@.....W.........................................F.....I.....Z.....p.............................................................................K.............................:.....L.....................................................,.....O.............................%.....<.....A.....L.....b..................... .....".....%.....(.....*.3...+.6...,.T...-.p........./.....0.....1.....3.....4.6...5.K...6.....7.....8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\vi.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	541967
Entropy (8bit):	5.784202725403951
Encrypted:	false
SSDEEP:
MD5:	87E136C4DB9F2CF009B73682DDC6D304
SHA1:	933911CDC14C9822BC7A33A4686EF83CC5DEBD4C
SHA-256:	1671D72DDCEE749D1F1735611B43178FDCC470EEF16C1D554A834F8A42F0A713
SHA-512:	11C742EF12F7B4AE8F1940D3984EBB53659B9D530DD9B44DD8E1E051C3811A60C547B47684B1E390E230AE6BFDFDF579BDD7A66E09FA8742E3BEA5EC6AE15FFD
Malicious:	false
Reputation:	low
Preview:	..........].e.J...h.R...i.l...j.x...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....\|.....}.......#.....(.....0.....8.....@.....G.....N.....U.....V.....W.....Y.....\|.............................5.....>.....e.....q.....{...................................9.....N.....r.....\|.........................................).....I.....e.....i.....n...........................................................".....%.....).....D.....b.....x.........................................".....)...........M....._................................... .....@.....W.........................................F.....I.....Z.....p.............................................................................K.............................:.....L.....................................................,.....O.............................%.....<.....A.....L.....b..................... .....".....%.....(.....*.3...+.6...,.T...-.p........./.....0.....1.....3.....4.6...5.K...6.....7.....8.....9.....;.....<...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\zh-7F9F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	393671
Entropy (8bit):	6.69159185962072
Encrypted:	false
SSDEEP:
MD5:	EEFF1A560556835A6F71A81388BC1A7D
SHA1:	E2E8E546A460957471DDC951DC25A500A78F0CE8
SHA-256:	8209361311C412CAB880A52CF90041FE01DB8382A55DF7B0345663D91B162D22
SHA-512:	8E68C86EE116A97A5CE39464853B41F4D54F637393A580474682EFB9250FB309C2C0EF233791FDC11553B36250A7F4E49F2DB712D86EB586D7DB9845265E49B3
Malicious:	false
Reputation:	low
Preview:	............e.....h.....i.....j.....k.....l.....m.....o.....p.....r."...s.3...t.<...v.Q...w.^...\|.d...}.v.....~.........................................................................................%.........................................).....;.....=.....A.....l.................................................................,.....>.....D.....J.....V.....n.....z.................................................................".....7.....O.....g.............................................................................?.....K.....Z.....r..................................................... .....2.....>.....P.....d.....x.......................................................................F.....s.....y.........................................!.....-.....3.....9.....K.....].....u.............................".....7.....=.....C.....X.....l.....u......... .....".....%.....(.....*.....+.....,.....-.......B.../.W...0.l...1.....3.....4.....5.....6.....7."...8.7...9.C...;._...<.x...=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\zh-7FCF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	392360
Entropy (8bit):	6.702769003583218
Encrypted:	false
SSDEEP:
MD5:	DF203B5DFF40FDA7C1EACB73A316544F
SHA1:	CC7698ECAB52ED970B4EA425F41A004BFD871A0C
SHA-256:	BD43EEEF5336ECDA3AAEFFD6B609B4F0CE07F3D62492C3FA54BFE2AF47BD6B52
SHA-512:	CC8B3E57B50AA1948FBAEF41C305B44145E23A647A6EC74B5CF6EBF2424BE38E7ED93C27F62F0E83FD555FE60E23E6CF5CD7F6D1A3BF3859739A1CF34126FABF
Malicious:	false
Reputation:	low
Preview:	............e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.#...w.0...y.6...z.E...\|.K...}.].....e.....j.....r.....z.................................................................G....._.....u...............................................0.....?.....W.....].....i.....x.............................................................................A.....S.....Y.....b.....n.....z.............................................................................%.....,.....8.....D.....Q.....f.....r.....~.........................................5.....>.....J.....V.....h.........................................................................................#.....-.....=.....j...................................-.....N.....Z.....f.....l.....x.....~.........................................&.....E.....l.....{....................................... .....".....%.....(....../...+.2...,.b...-.w........./.....0.....1.....3.....4.....5....6.h...7.}...8.....9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\zh-CN.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	393671
Entropy (8bit):	6.69159185962072
Encrypted:	false
SSDEEP:
MD5:	EEFF1A560556835A6F71A81388BC1A7D
SHA1:	E2E8E546A460957471DDC951DC25A500A78F0CE8
SHA-256:	8209361311C412CAB880A52CF90041FE01DB8382A55DF7B0345663D91B162D22
SHA-512:	8E68C86EE116A97A5CE39464853B41F4D54F637393A580474682EFB9250FB309C2C0EF233791FDC11553B36250A7F4E49F2DB712D86EB586D7DB9845265E49B3
Malicious:	false
Reputation:	low
Preview:	............e.....h.....i.....j.....k.....l.....m.....o.....p.....r."...s.3...t.<...v.Q...w.^...\|.d...}.v.....~.........................................................................................%.........................................).....;.....=.....A.....l.................................................................,.....>.....D.....J.....V.....n.....z.................................................................".....7.....O.....g.............................................................................?.....K.....Z.....r..................................................... .....2.....>.....P.....d.....x.......................................................................F.....s.....y.........................................!.....-.....3.....9.....K.....].....u.............................".....7.....=.....C.....X.....l.....u......... .....".....%.....(.....*.....+.....,.....-.......B.../.W...0.l...1.....3.....4.....5.....6.....7."...8.7...9.C...;._...<.x...=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\zh-TW.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	392360
Entropy (8bit):	6.702769003583218
Encrypted:	false
SSDEEP:
MD5:	DF203B5DFF40FDA7C1EACB73A316544F
SHA1:	CC7698ECAB52ED970B4EA425F41A004BFD871A0C
SHA-256:	BD43EEEF5336ECDA3AAEFFD6B609B4F0CE07F3D62492C3FA54BFE2AF47BD6B52
SHA-512:	CC8B3E57B50AA1948FBAEF41C305B44145E23A647A6EC74B5CF6EBF2424BE38E7ED93C27F62F0E83FD555FE60E23E6CF5CD7F6D1A3BF3859739A1CF34126FABF
Malicious:	false
Reputation:	low
Preview:	............e.....h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.#...w.0...y.6...z.E...\|.K...}.].....e.....j.....r.....z.................................................................G....._.....u...............................................0.....?.....W.....].....i.....x.............................................................................A.....S.....Y.....b.....n.....z.............................................................................%.....,.....8.....D.....Q.....f.....r.....~.........................................5.....>.....J.....V.....h.........................................................................................#.....-.....=.....j...................................-.....N.....Z.....f.....l.....x.....~.........................................&.....E.....l.....{....................................... .....".....%.....(....../...+.2...,.b...-.w........./.....0.....1.....3.....4.....5....6.h...7.}...8.....9.....;.....<.....=...

C:\Program Files (x86)\Respondus\LockDown Browser OEM\resB8ED.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	7704389
Entropy (8bit):	7.99659005524514
Encrypted:	true
SSDEEP:
MD5:	16B69C3E52BE121F18DBE09936999FBD
SHA1:	89AD1CB7819F3B01E5D534117CD98B29CBEF1BF9
SHA-256:	68CCCD32BAD64AC4E78846880E0CF1EA069A044F01F1376FDD7F0D0933ACFF32
SHA-512:	30DB64449E070D9162EBF2EDC8587E4DFF150440FC889634B64EA6C5706646531425C39D47AABD6FA63C7AC2C7D82FA858A4FE33613F53BDB7E95EB45AC295BE
Malicious:	false
Reputation:	low
Preview:	............f.T6.....@.....C.....G..^3.Y.._3.g..b3....g3....h3....r3....s3....t39...u3....v3o...w3.(..x3.7..y3.F..z3%U..{3.j..\|3....}3....~3.....3.....3f....3H....3.....3q....3.*...3.C...3.Z...3.q...3.....3r....3.....3.....3.....4.....4.....4<....4M....4x....4.....4#....4.....4.....4.....4.....4.#...4.(...4#)...4.-...4./...4.B...4!F...4^N...4ET...4.W...4.\...4qp...4gw...4{{...4.\|...4.}...4c....4.....4.....4v....4.....4.....4N....4.....5....5q...v5....w5....x5....y5....z5E....5.....5.....5.....5G....5.....5.....5.....5.....5m....5}....5. ...5. ...52!...5.!...5@"...5."...5.#...5.%...5.+...5.,...5J/...5.0...5.5...5+7...5.P...5.R...5.W...5.a..$62d..%6.e..&6&i..'6.k...6.p../6.r..j66...k6....l6...m6G...n6....o6....p6....q6.....7.....7.....7.....7....Z<"...[<>...\<V...]<....^<e..._<....`<....a<>...n<....x<`...y<....z<q...{<U...\|<.....<.....<6....<.....<.....<.!...<.2...<p3...<^=...<DB...<;I...<4N...<.R...<.U...<.Y...<\|a...<=d...<.e...<Xg...<.l...<.s...<.u...<.v...<.x...=t....=.....=....=..

C:\Program Files (x86)\Respondus\LockDown Browser OEM\resources.pak (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	7704389
Entropy (8bit):	7.99659005524514
Encrypted:	true
SSDEEP:
MD5:	16B69C3E52BE121F18DBE09936999FBD
SHA1:	89AD1CB7819F3B01E5D534117CD98B29CBEF1BF9
SHA-256:	68CCCD32BAD64AC4E78846880E0CF1EA069A044F01F1376FDD7F0D0933ACFF32
SHA-512:	30DB64449E070D9162EBF2EDC8587E4DFF150440FC889634B64EA6C5706646531425C39D47AABD6FA63C7AC2C7D82FA858A4FE33613F53BDB7E95EB45AC295BE
Malicious:	false
Reputation:	low
Preview:	............f.T6.....@.....C.....G..^3.Y.._3.g..b3....g3....h3....r3....s3....t39...u3....v3o...w3.(..x3.7..y3.F..z3%U..{3.j..\|3....}3....~3.....3.....3f....3H....3.....3q....3.*...3.C...3.Z...3.q...3.....3r....3.....3.....3.....4.....4.....4<....4M....4x....4.....4#....4.....4.....4.....4.....4.#...4.(...4#)...4.-...4./...4.B...4!F...4^N...4ET...4.W...4.\...4qp...4gw...4{{...4.\|...4.}...4c....4.....4.....4v....4.....4.....4N....4.....5....5q...v5....w5....x5....y5....z5E....5.....5.....5.....5G....5.....5.....5.....5.....5m....5}....5. ...5. ...52!...5.!...5@"...5."...5.#...5.%...5.+...5.,...5J/...5.0...5.5...5+7...5.P...5.R...5.W...5.a..$62d..%6.e..&6&i..'6.k...6.p../6.r..j66...k6....l6...m6G...n6....o6....p6....q6.....7.....7.....7.....7....Z<"...[<>...\<V...]<....^<e..._<....`<....a<>...n<....x<`...y<....z<q...{<U...\|<.....<.....<6....<.....<.....<.!...<.2...<p3...<^=...<DB...<;I...<4N...<.R...<.U...<.Y...<\|a...<=d...<.e...<Xg...<.l...<.s...<.u...<.v...<.x...=t....=.....=....=..

C:\Program Files (x86)\Respondus\LockDown Browser OEM\snaBAD2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	220112
Entropy (8bit):	3.8556760173782307
Encrypted:	false
SSDEEP:
MD5:	8AB394F5AD509885DA519C5343F6A1D4
SHA1:	12E51BDF8F4BF0C80955E20A636C4B83DC016F8E
SHA-256:	4639CAAA60FE682C97C2B2AD8C681FAC4EF3D3730B6F7A233C70A56E647B99C4
SHA-512:	556B52FFD8CADC6DE52641329887F3B033504B01358487470764F0DF72370FDBF0430956EC138142BDDDDDF114B116633A5135859E88CCF39C80B706F881041D
Malicious:	false
Reputation:	low
Preview:	..........Vj11.2.214.14.....................................................D......L...........`....`....`....`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.........................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\snapshot_blob.bin (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	220112
Entropy (8bit):	3.8556760173782307
Encrypted:	false
SSDEEP:
MD5:	8AB394F5AD509885DA519C5343F6A1D4
SHA1:	12E51BDF8F4BF0C80955E20A636C4B83DC016F8E
SHA-256:	4639CAAA60FE682C97C2B2AD8C681FAC4EF3D3730B6F7A233C70A56E647B99C4
SHA-512:	556B52FFD8CADC6DE52641329887F3B033504B01358487470764F0DF72370FDBF0430956EC138142BDDDDDF114B116633A5135859E88CCF39C80B706F881041D
Malicious:	false
Reputation:	low
Preview:	..........Vj11.2.214.14.....................................................D......L...........`....`....`....`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.........................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\v8_BB12.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	523336
Entropy (8bit):	5.173270573867956
Encrypted:	false
SSDEEP:
MD5:	FCA3C2711C9317B3F6066AAE8F3F2AF2
SHA1:	46EDAFC16D682A9C90F9A96226DE96E844309647
SHA-256:	3A9D8B93D929E8103E016507005903EFFBC946CF148F66794D0950177C96584B
SHA-512:	4A0B2AE078306DCB9AB68721071F1634E5A7E435DF387BA05044CEC35D9932D1F462893738D4AC6D00B1DF1362187D6C12BBDD4F8B24B1C280220D043D1434B2
Malicious:	false
Reputation:	low
Preview:	.........0.p11.2.214.14..........................................................C..`...l...............`....`....`T...`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\v8_context_snapshot.bin (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	523336
Entropy (8bit):	5.173270573867956
Encrypted:	false
SSDEEP:
MD5:	FCA3C2711C9317B3F6066AAE8F3F2AF2
SHA1:	46EDAFC16D682A9C90F9A96226DE96E844309647
SHA-256:	3A9D8B93D929E8103E016507005903EFFBC946CF148F66794D0950177C96584B
SHA-512:	4A0B2AE078306DCB9AB68721071F1634E5A7E435DF387BA05044CEC35D9932D1F462893738D4AC6D00B1DF1362187D6C12BBDD4F8B24B1C280220D043D1434B2
Malicious:	false
Reputation:	low
Preview:	.........0.p11.2.214.14..........................................................C..`...l...............`....`....`T...`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_BB61.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4538880
Entropy (8bit):	6.652039042954539
Encrypted:	false
SSDEEP:
MD5:	B75E7508CD47571A2A924D2F6FFD5767
SHA1:	CAC80E57D43AE47E6C62BD241C84AA8817FC1914
SHA-256:	0C1EA341C291786EBA2B22391043B90E7A854B081FBA993BE9A48D8D67FEDF47
SHA-512:	7808884CCDBA7A08F94038908CE55F882EFDE61D2FFB6B4BAB78BC29CF3A580D5043E68928254CEFED1D641EF78E8AD27E1C1547DF7B3EE2FF23C2AA6CF6515E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....^7.........@10......................................`F...........@A........................TZA.~....yA.P....0D......................@D.p...<.A......................-A......p7.............8\|A..............................text...s\7......^7................. ..`.rdata..tN...p7..P...b7.............@..@.data....J....A..t....A.............@....00cfg........D......&C.............@..@.tls....1.... D......(C.............@....rsrc........0D......*C.............@..@.reloc..p....@D......0C.............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_BD08.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.724752649036734
Encrypted:	false
SSDEEP:
MD5:	8642DD3A87E2DE6E991FAE08458E302B
SHA1:	9C06735C31CEC00600FD763A92F8112D085BD12A
SHA-256:	32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
SHA-512:	F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
Malicious:	false
Reputation:	low
Preview:	{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_swiftshader.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4538880
Entropy (8bit):	6.652039042954539
Encrypted:	false
SSDEEP:
MD5:	B75E7508CD47571A2A924D2F6FFD5767
SHA1:	CAC80E57D43AE47E6C62BD241C84AA8817FC1914
SHA-256:	0C1EA341C291786EBA2B22391043B90E7A854B081FBA993BE9A48D8D67FEDF47
SHA-512:	7808884CCDBA7A08F94038908CE55F882EFDE61D2FFB6B4BAB78BC29CF3A580D5043E68928254CEFED1D641EF78E8AD27E1C1547DF7B3EE2FF23C2AA6CF6515E
Malicious:	false
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....^7.........@10......................................`F...........@A........................TZA.~....yA.P....0D......................@D.p...<.A......................-A......p7.............8\|A..............................text...s\7......^7................. ..`.rdata..tN...p7..P...b7.............@..@.data....J....A..t....A.............@....00cfg........D......&C.............@..@.tls....1.... D......(C.............@....rsrc........0D......*C.............@..@.reloc..p....@D......0C.............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\vk_swiftshader_icd.json (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.724752649036734
Encrypted:	false
SSDEEP:
MD5:	8642DD3A87E2DE6E991FAE08458E302B
SHA1:	9C06735C31CEC00600FD763A92F8112D085BD12A
SHA-256:	32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
SHA-512:	F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
Malicious:	false
Reputation:	low
Preview:	{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulBD19.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	799232
Entropy (8bit):	6.781888751711952
Encrypted:	false
SSDEEP:
MD5:	41570BB25013EE1A24C99EBAB00A40D9
SHA1:	0D1CE3F3375BBC0293EE198412E7AA82C73311FD
SHA-256:	775B534BBCE9D01ACF28906317EA5D391E198FD2645E36DE544C5654CCBF908D
SHA-512:	7EA74F79F8B4D26B3ECFFF28B521D7036FFE7B9D1C293C27FA207BD5F1580EB4692CFFF46D49E4FF89BA1DD49CB95040DD292EBBCB5AA83BB1BAD50308C6EC55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....4................................................................@A........................xO..<!...p..P............................ ...~...-.......................,.......P...............r...............................text... 3.......4.................. ..`.rdata..lU...P...V...8..............@..@.data...`5..........................@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc...~... ......................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Respondus\LockDown Browser OEM\vulkan-1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	799232
Entropy (8bit):	6.781888751711952
Encrypted:	false
SSDEEP:
MD5:	41570BB25013EE1A24C99EBAB00A40D9
SHA1:	0D1CE3F3375BBC0293EE198412E7AA82C73311FD
SHA-256:	775B534BBCE9D01ACF28906317EA5D391E198FD2645E36DE544C5654CCBF908D
SHA-512:	7EA74F79F8B4D26B3ECFFF28B521D7036FFE7B9D1C293C27FA207BD5F1580EB4692CFFF46D49E4FF89BA1DD49CB95040DD292EBBCB5AA83BB1BAD50308C6EC55
Malicious:	false
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....>d.........."!.....4................................................................@A........................xO..<!...p..P............................ ...~...-.......................,.......P...............r...............................text... 3.......4.................. ..`.rdata..lU...P...V...8..............@..@.data...`5..........................@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc...~... ......................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus\LockDown Browser OEM.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	1086
Entropy (8bit):	3.498090687561937
Encrypted:	false
SSDEEP:
MD5:	84026A8E11021F1CE4C8C488246D66EA
SHA1:	9C033D8D1D1458DD14199AC91251D6181FBFFB6C
SHA-256:	2DF7B31EA1888217A3C4AE9AB748B97C37E354561EBEF5FCE8B1A26906A622FF
SHA-512:	DB9ADD5CE663D2CD5A7A1D0634071B82BD1B0FFD5DA52150D0F2F2F8A1433D1ED0BAD35186FE9B4177D4B22EE17237E819389D6B4266EFEFC48EFDCF0E148B9C
Malicious:	false
Reputation:	low
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".\.1...........Respondus.D............................................R.e.s.p.o.n.d.u.s.....~.1...........LockDown Browser OEM..Z............................................L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M...$...2...........LockDownBrowserOEM.exe..^............................................L.o.c.k.D.o.w.n.B.r.o.w.s.e.r.O.E.M...e.x.e...&...[.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.e.s.p.o.n.d.u.s.\.L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M.\.L.o.c.k.D.o.w.n.B.r.o.w.s.e.r.O.E.M...e.x.e.5.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.e.s.p.o.n.d.u.s.\.L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M.........*................@Z\|...K.J.....................1SPS.XF.L8C....&.m.m................S.-.1.-.5.-.2.1.-.

C:\Users\user\AppData\Local\Temp\F3FA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	270848
Entropy (8bit):	2.757966736730635
Encrypted:	false
SSDEEP:
MD5:	14CD9C8EBC929721C02C7103FE062165
SHA1:	E9768355330B804D7D351E1A30763E8E97D014C3
SHA-256:	5B68A65CB05E96EFCE249137C4FF950667CB0E0B8471778B1694823502A94EB7
SHA-512:	C2B1B1A8AFAB54AF0EB33ECB3D5908735EEFAAA6F8C0229EF531A1B16318A646840B89F9FA54DD33B2CFF66297D4FF3F0F98D08B4F227149895E7939BF3A9C50
Malicious:	false
Reputation:	low
Preview:	......................>.......................................................{.......................................................................................................................................................................................................................................................................................................................................................................................................................................................!..............................................................................................................."... ...)...^...#...$...%...&...'...(...6...7...+...,...-......./...0...1...2...3...4...5.......8...T...9...:...;...<...=...>...?...@...A...\...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...U...[...V...W...X...Y...Z...n...]..._...`.......m...a.......c...d...e...f...g...h...i...j...k...l.......s...o...p...q...r...t...z...u...v...w...x...y...\|...

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\0x0407.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (324), with CRLF line terminators
Category:	dropped
Size (bytes):	26388
Entropy (8bit):	3.505783353761396
Encrypted:	false
SSDEEP:
MD5:	1F71DEAF7E3C298F4C4112DB5E7AC029
SHA1:	2D653E79C55E31CD00AF51313A7B07AED123AB04
SHA-256:	B4D2BF8DDEEE1E2ACC5DFAA14AC602A69F52195C38EAB4660408FD879AD41A56
SHA-512:	E0C0FE70904F768EBD191CD8AAE285A7E851FF5E5EE3CBE5B78A708B6F378DB33F499291EB89EE268FD3B3A694ABAF6826162571ABA74A6837F65C95A8078666
Malicious:	false
Reputation:	low
Preview:	..[.0.x.0.4.0.7.].....1.1.0.0.=.S.e.t.u.p.-.I.n.i.t.i.a.l.i.s.i.e.r.u.n.g.s.f.e.h.l.e.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .b.e.r.e.i.t.e.t. .d.e.n. .%.2. .v.o.r.,. .d.e.r. .S.i.e. .d.u.r.c.h. .d.e.n. .S.e.t.u.p.-.V.o.r.g.a.n.g. .l.e.i.t.e.n. .w.i.r.d... .B.i.t.t.e. .w.a.r.t.e.n.......1.1.0.3.=...b.e.r.p.r...f.e.n. .d.e.r. .B.e.t.r.i.e.b.s.s.y.s.t.e.m.v.e.r.s.i.o.n.....1.1.0.4.=...b.e.r.p.r...f.e.n. .d.e.r. .V.e.r.s.i.o.n. .v.o.n. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r.....1.1.0.5.=.K.o.n.f.i.g.u.r.i.e.r.e.n. .v.o.n. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.K.o.n.f.i.g.u.r.i.e.r.e.n. .v.o.n. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.t. .d.i.e. .K.o.n.f.i.g.u.r.a.t.i.o.n. .v.o.n. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .a.u.f. .I.h.r.e.m. .C.o.m.p.u.t.e.r. .a.b.g.e.s.c.h.l.o.s.s.e.n... .U.m. .m.i.t. .d.e.r. .I.n.s.t.a.l.l.a.t.i.o.n. .f.o.r.t.z.u.f.a.h.r.e.n. .m.u... .d.a.s. .S.y.s.t.e.m. .n.e.u. .g.e.s.t.a.r.t.e.t. .w.e.r.d.e.n... .W...h.l.e.n. .S.i.e. .N.e.u.s.t.a.r.t.e.n.

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\0x0409.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
Category:	dropped
Size (bytes):	22914
Entropy (8bit):	3.4834020467841986
Encrypted:	false
SSDEEP:
MD5:	1196F20CA8BCAA637625E6A061D74C9E
SHA1:	D0946B58676C9C6E57645DBCFFC92C61ECA3B274
SHA-256:	CDB316D7F9AA2D854EB28F7A333426A55CC65FA7D31B0BDF8AE108E611583D29
SHA-512:	75E0B3B98AD8269DC8F7048537AD2B458FA8B1DC54CF39DF015306ABD6701AA8357E08C7D1416D80150CCFD591376BA803249197ABDF726E75D50F79D7370EF3
Malicious:	false
Reputation:	low
Preview:	..[.0.x.0.4.0.9.].....1.1.0.0.=.S.e.t.u.p. .I.n.i.t.i.a.l.i.z.a.t.i.o.n. .E.r.r.o.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .i.s. .p.r.e.p.a.r.i.n.g. .t.h.e. .%.2.,. .w.h.i.c.h. .w.i.l.l. .g.u.i.d.e. .y.o.u. .t.h.r.o.u.g.h. .t.h.e. .p.r.o.g.r.a.m. .s.e.t.u.p. .p.r.o.c.e.s.s... . .P.l.e.a.s.e. .w.a.i.t.......1.1.0.3.=.C.h.e.c.k.i.n.g. .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m. .V.e.r.s.i.o.n.....1.1.0.4.=.C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .V.e.r.s.i.o.n.....1.1.0.5.=.C.o.n.f.i.g.u.r.i.n.g. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.i.n.g. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.s. .c.o.m.p.l.e.t.e.d. .c.o.n.f.i.g.u.r.i.n.g. .t.h.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .o.n. .y.o.u.r. .s.y.s.t.e.m... .T.h.e. .s.y.s.t.e.m. .n.e.e.d.s. .t.o. .b.e. .r.e.s.t.a.r.t.e.d. .i.n. .o.r.d.e.r. .t.o. .c.o.n.t.i.n.u.e. .w.i.t.h. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n... .P.l.e.a.s.e. .c.l.i.c.k. .R.e.s.t.a.r.t. .t.o. .r.e.b.o.o.t. .t.h.e. .s.y.s.t.e.m.......1.1.0.8.

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\0x040a.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
Category:	dropped
Size (bytes):	25628
Entropy (8bit):	3.4383099765422513
Encrypted:	false
SSDEEP:
MD5:	B216BC7B827622578E60B0B37CE9C4C0
SHA1:	18EB706AA172440C783382FB317DCB2EF7D04E2A
SHA-256:	4E42D96CF24224D3ED43E7E14227B96FDE3B43235636480F8861DB0B048FFDDF
SHA-512:	E4211EE47BCCF98369B7760502CC04E7C036E7EE8EB8A29143519C35CF5295F9984EE8DE1FC8D7E93352119F9CF5FCB3412B7E3749B1540FD38AF7D996AB0700
Malicious:	false
Reputation:	low
Preview:	..[.0.x.0.4.0.a.].....1.1.0.0.=.E.r.r.o.r. .d.e. .i.n.i.c.i.o. .d.e. .i.n.s.t.a.l.a.c.i...n.....1.1.0.1.=.%.s.....1.1.0.2.=.E.l. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .%.1. .e.s.t... .p.r.e.p.a.r.a.n.d.o. .%.2.,. .q.u.e. .l.e. .g.u.i.a.r... .d.u.r.a.n.t.e. .e.l. .r.e.s.t.o. .d.e.l. .p.r.o.c.e.s.o. .d.e. .i.n.s.t.a.l.a.c.i...n... . .E.s.p.e.r.e. .p.o.r. .f.a.v.o.r.......1.1.0.3.=.C.o.m.p.r.o.b.a.n.d.o. .l.a. .v.e.r.s.i...n. .d.e.l. .s.i.s.t.e.m.a. .o.p.e.r.a.t.i.v.o.....1.1.0.4.=.C.o.m.p.r.o.b.a.n.d.o. .l.a. .v.e.r.s.i...n. .d.e.l. .i.n.s.t.a.l.a.d.o.r. .d.e. .W.i.n.d.o.w.s.(.R.).....1.1.0.5.=.C.o.n.f.i.g.u.r.a.n.d.o. .e.l. .i.n.s.t.a.l.a.d.o.r. .d.e. .W.i.n.d.o.w.s.....1.1.0.6.=.C.o.n.f.i.g.u.r.a.n.d.o. .%.s.....1.1.0.7.=.E.l. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .h.a. .t.e.r.m.i.n.a.d.o. .d.e. .c.o.n.f.i.g.u.r.a.r. .e.l. .i.n.s.t.a.l.a.d.o.r. .d.e. .W.i.n.d.o.w.s. .e.n. .e.l. .s.i.s.t.e.m.a... .E.l. .s.i.s.t.e.m.a. .s.e. .d.e.b.e. .r.e.i.n.i.c.i.a.r. .p.a.r.a. .s.

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\0x0410.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (304), with CRLF line terminators
Category:	dropped
Size (bytes):	25618
Entropy (8bit):	3.441902563741282
Encrypted:	false
SSDEEP:
MD5:	FFD754CB7FB9D6E7B999C7ECB444F8D1
SHA1:	5BD3AD5C53ACC047886A0E63D867AB04690D3EE4
SHA-256:	4B13428BAAB7405A1125EFD93F3569875CD19477B38608D4DD2FE2CCD3861E0F
SHA-512:	53FD1383989A277E39E29CDB6E65F537B92854C0E774558F2A5349630474334688B5760E770E219A03C6FB62A4DC868D94FE651C9C1F13B56E9517DE5DD2FD22
Malicious:	false
Reputation:	low
Preview:	..[.0.x.0.4.1.0.].....1.1.0.0.=.E.r.r.o.r.e. .d.i. .i.n.i.z.i.a.l.i.z.z.a.z.i.o.n.e. .d.e.l.l.'.i.n.s.t.a.l.l.a.z.i.o.n.e.....1.1.0.1.=.%.s.....1.1.0.2.=.I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .%.1. .s.t.a. .p.r.e.p.a.r.a.n.d.o. .%.2... . .A.t.t.e.n.d.e.r.e.......1.1.0.3.=.V.e.r.i.f.i.c.a. .d.e.l.l.a. .v.e.r.s.i.o.n.e. .d.e.l. .s.i.s.t.e.m.a. .o.p.e.r.a.t.i.v.o. .i.n. .c.o.r.s.o.....1.1.0.4.=.V.e.r.i.f.i.c.a. .d.e.l.l.a. .v.e.r.s.i.o.n.e. .d.i. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .i.n. .c.o.r.s.o.....1.1.0.5.=.C.o.n.f.i.g.u.r.a.z.i.o.n.e. .d.i. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .i.n. .c.o.r.s.o.....1.1.0.6.=.C.o.n.f.i.g.u.r.a.z.i.o.n.e. .d.i. .%.s. .i.n. .c.o.r.s.o.....1.1.0.7.=.I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .h.a. .c.o.m.p.l.e.t.a.t.o. .l.a. .c.o.n.f.i.g.u.r.a.z.i.o.n.e. .d.i. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .s.u.l. .s.i.s.t.e.m.a... .R.i.a.v.v.i.a.r.e. .i.l. .s.i.s.t.e.m.a. .p.e.r. .c.o.n.t.i.n.u.a.r.e... .S.c.e.g.l.i.e.r.e.

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\0x0c0c.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (323), with CRLF line terminators
Category:	dropped
Size (bytes):	26820
Entropy (8bit):	3.4862698066593047
Encrypted:	false
SSDEEP:
MD5:	0B228775F1DE30872737647002E0F1C5
SHA1:	FF0EF0D449F2DF228D40EE5558EA4136D15C2417
SHA-256:	A2D09F95526954EA9833F6F03F319256F9E9D498E09E975B59ADD725127856B1
SHA-512:	47C9A603B1316D684AB4FC35F79EC9CBB4E1D019FEB2367CB38EDC3ED292CC19A2EE022B0A8B9F7785F6395B8FDEF7E7C736BC5EC9107B70AE05B57A25A17396
Malicious:	false
Reputation:	low
Preview:	..[.0.x.0.c.0.c.].....1.1.0.0.=.E.r.r.e.u.r. .l.o.r.s. .d.e. .l.'.i.n.i.t.i.a.l.i.s.a.t.i.o.n. .d.e. .l.'.i.n.s.t.a.l.l.a.t.i.o.n.....1.1.0.1.=.%.s.....1.1.0.2.=.L.'.i.n.s.t.a.l.l.a.t.i.o.n. .%.1. .p.r...p.a.r.e. .%.2.,. .l.e.q.u.e.l. .v.o.u.s. .g.u.i.d.e.r.a. .p.o.u.r. .l.'.i.n.s.t.a.l.l.a.t.i.o.n. .d.u. .l.o.g.i.c.i.e.l... .V.e.u.i.l.l.e.z. .p.a.t.i.e.n.t.e.r.......1.1.0.3.=.V...r.i.f.i.c.a.t.i.o.n. .d.e. .l.a. .v.e.r.s.i.o.n. .d.e. .s.y.s.t...m.e. .d.'.e.x.p.l.o.i.t.a.t.i.o.n.....1.1.0.4.=.V...r.i.f.i.c.a.t.i.o.n. .d.e. .l.a. .v.e.r.s.i.o.n. .d.e. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r.....1.1.0.5.=.C.o.n.f.i.g.u.r.a.t.i.o.n. .d.e. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.a.t.i.o.n. .d.'.%.s.....1.1.0.7.=.L.'.i.n.s.t.a.l.l.a.t.i.o.n. .a. .t.e.r.m.i.n... .l.a. .c.o.n.f.i.g.u.r.a.t.i.o.n. .d.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .s.u.r. .v.o.t.r.e. .o.r.d.i.n.a.t.e.u.r... .P.o.u.r. .p.o.u.v.o.i.r. .p.o.u.r.s.u.i.v.r.e. .l.'.i.n.s.t.a.l.l.a.t.i.o.n.,. .

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\0x0416.ini

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	24394
Entropy (8bit):	3.50011390118404
Encrypted:	false
SSDEEP:
MD5:	EB6DAE1391CAC22014AFD6CCF4C2C333
SHA1:	0476104DFF6077DE57ED24D43B2D4F8A74B6AD3E
SHA-256:	AF54DB26C9464B7A610D7EB73F06F36B43AC51E879AC4D21A1C70EB4524A2B24
SHA-512:	D40A5478056FF3A59E06DC779166BAF144EB0DB33819180FC6AC47808F49A2249158D8E5CF106C654CE42AB71B6F6F16C3B9777A6B445B1297F741AFFE09F587
Malicious:	false
Reputation:	low
Preview:	..[.0.x.0.4.1.6.].....1.1.0.0.=.E.r.r.o. .d.e. .i.n.i.c.i.a.l.i.z.a.....o. .d.a. .i.n.s.t.a.l.a.....o.....1.1.0.1.=.%.s.....1.1.0.2.=.A. .i.n.s.t.a.l.a.....o. .d.o. .%.1. .e.s.t... .p.r.e.p.a.r.a.n.d.o. .o. .%.2. .p.a.r.a. .a.j.u.d...-.l.o. .c.o.m. .o. .p.r.o.c.e.s.s.o. .d.e. .i.n.s.t.a.l.a.....o... . .A.g.u.a.r.d.e.......1.1.0.3.=.V.e.r.i.f.i.c.a.n.d.o. .a. .v.e.r.s...o. .d.o. .s.i.s.t.e.m.a. .o.p.e.r.a.c.i.o.n.a.l.....1.1.0.4.=.V.e.r.i.f.i.c.a.n.d.o. .a. .v.e.r.s...o. .d.o. .W.i.n.d.o.w.s... .I.n.s.t.a.l.l.e.r.....1.1.0.5.=.C.o.n.f.i.g.u.r.a.n.d.o. .o. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.a.n.d.o. .o. .%.s.....1.1.0.7.=.A. .i.n.s.t.a.l.a.....o. .c.o.m.p.l.e.t.o.u. .a. .c.o.n.f.i.g.u.r.a.....o. .d.o. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .e.m. .s.e.u. .s.i.s.t.e.m.a... .O. .s.i.s.t.e.m.a. .p.r.e.c.i.s.a. .s.e.r. .r.e.i.n.i.c.i.a.d.o. .p.a.r.a. .p.o.d.e.r. .c.o.n.t.i.n.u.a.r. .c.o.m. .a. .i.n.s.t.a.l.a.....o... .C.l.i.q.u.e. .e.m. .R.e.i.n.i.c.i.a.r. .p.a.r.a.

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\ISSetup.dll

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1647360
Entropy (8bit):	5.934102968567671
Encrypted:	false
SSDEEP:
MD5:	839E25ADD2CCD62EE83F1583EAF8CDBB
SHA1:	EAD6392B2A7699C46891CA29477CA4483434C6E3
SHA-256:	501608DE3EA14923E4F4E75415535BD8D25362A0ED20FE02E86E98C1D0FE5FCB
SHA-512:	BCD05DD1AEAE485CD2916381DB6D15D624FE3978641DA641CD54D7C20CE86735BDCBC1113992325C9B78F771FB9084706D51E35A14ABCEACE2D87D517EE38950
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........F'^.'I..'I..'I......'I.\|...'I.\|...'I.\|...'I.qP...'I.qP...'I..yM..'I..'H..%I.qP...'I./....'I./....'I./....'I./....'I./....'I..'...'I./....'I.Rich.'I.........................PE..L....C.b...........!.........~.....................................................=.....@.............................S...........@.................../... ...E......8............................*..@...............<...`........................text...b........................... ..`.orpc... ........................... ..`.rdata..C...........................@..@.data....c..........................@....rsrc........@......................@..@.reloc...m... ...n..................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\LockDownBrowserOEMSetup.exe (copy)

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967424
Entropy (8bit):	6.376167516676831
Encrypted:	false
SSDEEP:
MD5:	2F011DD8FDC25B623A9A1AD755F9A24D
SHA1:	2632652F76B1FDD97EC57C9CE5E4A52D4C7D1648
SHA-256:	ABB283B11C4A6F953EF5E29E294A02F99134DA6B468C02EE689087F00FB55636
SHA-512:	ADC74E0F0800B4A49FF94ED4CC6348CEA5C5A872DA476700A2CB799AC8424BA344BD8561621424213ED156A1B476736278E892154D4CCF7B40DC8962A59673B5
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...BD.b.............................7............@.......................................@..................................F.........................../...`...j..@...8...............................@....................C.......................text.............................. ..`.rdata..............................@..@.data...XI...p...$...L..............@....rsrc................p..............@..@.reloc..h....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\data1.cab

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	1916793
Entropy (8bit):	7.996806780638541
Encrypted:	true
SSDEEP:
MD5:	6D873E16F97D228081AC691E2E5CFED1
SHA1:	14989CA7142EF25C6EEAB1F44D047A39E336C9D9
SHA-256:	1A506AED0F073805A27E86842C2D2DD88039934B332B4FE1999A98E72FD770E3
SHA-512:	57DC4BFAF8E59CA782F7ABC49CE4E52553C9DE94CE157574322927EC1FB5CE4D7A2CC47C1ABE4B34AD4DB3079ECE083E7C5ABED6C694E5EB4A70396CAB6B742B
Malicious:	false
Reputation:	low
Preview:	ISc(............................%.............................................................................................................................................................................................................................................................................................................................................................y...J@...^.n<4...................3.VxG.Q ......r5.Z.C../....E.\...,>A..07].....................................................nd\|.\..}?..b.z..N.`..4...S....Sk.Ze.U.L..5.......x.3.Pc.5.Xc.5.Pb.%.ph.....x...,:...?~.r.W..?.....z.x....<.]..\..\|......#.Y../v.k/.....A..)...5L.pk..Bv.W].Ww..Wxc.0...JY%...QTDYZ1.../.gUC#c.=..rq{.D.!l).b.sW..)?.g.~.!:.T.....H"4........W.GG....%....^?%W..$..=-r../..J[Z.....R:...I ...,}7.O\D.b.y..../^...7..)K.25.M/...._..g.Y]Ul.......iiAAb....B..l.....k......v.v.......]......F0.W.....H..N.a.b .........p...M;........p...s!/.Zq.\|}.c..H.Iz@*B..0...v.J0.:s'.F..0c4..-

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\data1.hdr

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	27710
Entropy (8bit):	3.4926425543257675
Encrypted:	false
SSDEEP:
MD5:	21D7FF99DF9A337355357225F30F2E94
SHA1:	7A7CD8AA1A1B7BBF02E453773B76A88C1217DA60
SHA-256:	66CB05281227599DFF9BCF0B0689EEBCF97EBD75AA9390B0477F473AAA84A397
SHA-512:	0AD2D82ADBEA51F8A8A87DA0CC68DB23FA685446BD7088A6D08D11BA62FCD258F48BD555B92AE14E3E5AD4D0D6E4033687532B99DD857F7A592B66794750322F
Malicious:	false
Reputation:	low
Preview:	ISc(.............5..>l..........................................................................B~..........................................................................................................................................................................................................................................................................................y...J@...^.n<4...................3.VxG.Q ......r5.Z.C../....E.\...,>A..07].....................................................)...........5.......4...4..............{....................?............................................................/...;...........G...S..........._.......k...........................................................................................................................+.......................7...........C.......O...........[...............g...........s.....................................................................................................................

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\layout.bin

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	672
Entropy (8bit):	2.1743657088728834
Encrypted:	false
SSDEEP:
MD5:	1DF1FE855707C7092190A093DD83EE27
SHA1:	A30FE3CB511BAE2238AE1B7FE403955C85CF9DFB
SHA-256:	08E7D15A2C6FA9141A02864054F62DC2736FAA445A489B71CBA5BF970ACE5007
SHA-512:	F25653CD9E53DBA14C8757D77A276DD156A2AA7694AD3E7D2BAC23DFBBBCACE93A37EF52738B0B722FFDD7CAAD6D772C043134ADA346C31AD9B747AABC007642
Malicious:	false
Reputation:	low
Preview:	c..S.@...................................................................................................................................................................................................................................................................... ...T....j......................................$...:...N...b...v...........................................................s.e.t.u.p...i.n.i.....I.S.S.e.t.u.p...d.l.l...0.x.0.4.0.9...i.n.i...0.x.0.c.0.c...i.n.i...0.x.0.4.0.7...i.n.i...0.x.0.4.1.0...i.n.i...0.x.0.4.1.6...i.n.i...0.x.0.4.0.a...i.n.i...d.a.t.a.1...h.d.r...d.a.t.a.1...c.a.b...d.a.t.a.2...c.a.b...l.a.y.o.u.t...b.i.n...s.e.t.u.p...e.x.e...

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\Disk1\setup.exe

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967424
Entropy (8bit):	6.376167516676831
Encrypted:	false
SSDEEP:
MD5:	2F011DD8FDC25B623A9A1AD755F9A24D
SHA1:	2632652F76B1FDD97EC57C9CE5E4A52D4C7D1648
SHA-256:	ABB283B11C4A6F953EF5E29E294A02F99134DA6B468C02EE689087F00FB55636
SHA-512:	ADC74E0F0800B4A49FF94ED4CC6348CEA5C5A872DA476700A2CB799AC8424BA344BD8561621424213ED156A1B476736278E892154D4CCF7B40DC8962A59673B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...BD.b.............................7............@.......................................@..................................F.........................../...`...j..@...8...............................@....................C.......................text.............................. ..`.rdata..............................@..@.data...XI...p...$...L..............@....rsrc................p..............@..@.reloc..h....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\setup.ini

Download File

Process:	C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2728
Entropy (8bit):	3.7188010879237163
Encrypted:	false
SSDEEP:
MD5:	79B2A14B32DB06BB8734E1338697ED27
SHA1:	4DB4A6EAF8DCCBADDB0B2C5A663E1301D73FCEA2
SHA-256:	B90BE6972A7205D81817341F6095926CF9884D1DC34D3D1CA233FC59F86D733E
SHA-512:	9B30F3F5923EE52AFA576288320160380103505197CFD05AF4FF351B0C1570D854A89FF4756589893A6128C68F208AC1AA886E33CDAD825F19E1CBE7C33BB84E
Malicious:	false
Reputation:	low
Preview:	..[.S.t.a.r.t.u.p.].....E.n.a.b.l.e.L.a.n.g.D.l.g.=.Y.....P.r.o.d.u.c.t.=.R.e.s.p.o.n.d.u.s. .L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M.....P.r.o.d.u.c.t.G.U.I.D.=.0.0.D.7.7.9.A.4.-.9.2.E.4.-.4.0.4.A.-.A.5.0.2.-.0.4.5.E.1.D.6.E.3.C.3.4.....C.o.m.p.a.n.y.N.a.m.e.=.R.e.s.p.o.n.d.u.s.....C.o.m.p.a.n.y.U.R.L.=.h.t.t.p.:././.w.w.w...R.e.s.p.o.n.d.u.s...c.o.m.....E.r.r.o.r.R.e.p.o.r.t.U.R.L.=.h.t.t.p.:././.w.w.w...i.n.s.t.a.l.l.s.h.i.e.l.d...c.o.m./.i.s.e.t.u.p./.P.r.o.E.r.r.o.r.C.e.n.t.r.a.l...a.s.p.?.E.r.r.o.r.C.o.d.e.=.%.d. .:. .0.x.%.x.&.E.r.r.o.r.I.n.f.o.=.%.s.....M.e.d.i.a.F.o.r.m.a.t.=.1.....L.o.g.M.o.d.e.=.1.....S.m.a.l.l.P.r.o.g.r.e.s.s.=.N.....S.p.l.a.s.h.T.i.m.e.=.....C.h.e.c.k.M.D.5.=.Y.....C.m.d.L.i.n.e.=.....S.h.o.w.P.a.s.s.w.o.r.d.D.i.a.l.o.g.=.N.....S.c.r.i.p.t.D.r.i.v.e.n.=.4.........[.L.a.n.g.u.a.g.e.s.].....D.e.f.a.u.l.t.=.0.x.0.4.0.9.....S.u.p.p.o.r.t.e.d.=.0.x.0.4.0.9.,.0.x.0.c.0.c.,.0.x.0.4.0.7.,.0.x.0.4.1.0.,.0.x.0.4.1.6.,.0.x.0.4.0.a.....R.e.q.u.i.r.e.E.x.a.c.t.L.a.n.g.

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBEW64.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	186392
Entropy (8bit):	5.823249404011815
Encrypted:	false
SSDEEP:
MD5:	CB279E894409AEF5F9410D7D8D113C54
SHA1:	300C199084E171880BB206A5F5C11C7A5B15744F
SHA-256:	E984815636A4F457069B13E5D2AB02DDBBC692E26DEDBA4D74BB9C9172A89232
SHA-512:	A58962EE7D9499DA216C1F6D93CE27AE4B759CA605469FD19AE48AE926CDA909D5D3762345F7304132D9C1EB3407797BB21498DC2BC10B0EB6FEE5A87657126B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d...kC.b.........."......X...v.................@.....................................E....`..................................................J..........`.......$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc...`............v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\ISBF4EC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	186392
Entropy (8bit):	5.823249404011815
Encrypted:	false
SSDEEP:
MD5:	CB279E894409AEF5F9410D7D8D113C54
SHA1:	300C199084E171880BB206A5F5C11C7A5B15744F
SHA-256:	E984815636A4F457069B13E5D2AB02DDBBC692E26DEDBA4D74BB9C9172A89232
SHA-512:	A58962EE7D9499DA216C1F6D93CE27AE4B759CA605469FD19AE48AE926CDA909D5D3762345F7304132D9C1EB3407797BB21498DC2BC10B0EB6FEE5A87657126B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d...kC.b.........."......X...v.................@.....................................E....`..................................................J..........`.......$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc...`............v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\corF4AB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	65503
Entropy (8bit):	3.783333450686201
Encrypted:	false
SSDEEP:
MD5:	09D38CECA6A012F4CE5B54F03DB9B21A
SHA1:	01FCB72F22205E406FF9A48C5B98D7B7457D7D98
SHA-256:	F6D7BC8CA6550662166F34407968C7D3669613E50E98A4E40BEC1589E74FF5D1
SHA-512:	8C73CA3AF53A9BAF1B9801F87A8FF759DA9B40637A86567C6CC10AB491ACCB446B40C8966807BD06D52EB57384E2D6A4886510DE338019CFD7EF966B45315BA9
Malicious:	false
Reputation:	low
Preview:	; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 2/27/2002; rs....[Win32]....12500852.cpx=0x00000000 ..12510866.cpx=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.cpx=0x00000000..12520861.cpx=0x00000000 ..12520863.cpx=0x00000000 ..12520865.cpx=0x00000000..6to4svc.dll=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x000

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\corecomp.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	65503
Entropy (8bit):	3.783333450686201
Encrypted:	false
SSDEEP:
MD5:	09D38CECA6A012F4CE5B54F03DB9B21A
SHA1:	01FCB72F22205E406FF9A48C5B98D7B7457D7D98
SHA-256:	F6D7BC8CA6550662166F34407968C7D3669613E50E98A4E40BEC1589E74FF5D1
SHA-512:	8C73CA3AF53A9BAF1B9801F87A8FF759DA9B40637A86567C6CC10AB491ACCB446B40C8966807BD06D52EB57384E2D6A4886510DE338019CFD7EF966B45315BA9
Malicious:	false
Reputation:	low
Preview:	; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 2/27/2002; rs....[Win32]....12500852.cpx=0x00000000 ..12510866.cpx=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.cpx=0x00000000..12520861.cpx=0x00000000 ..12520863.cpx=0x00000000 ..12520865.cpx=0x00000000..6to4svc.dll=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x000

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotF4BB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	28200
Entropy (8bit):	4.951731866513489
Encrypted:	false
SSDEEP:
MD5:	D87F3F761278D84BDB18560C2A22DDDA
SHA1:	D27ADAC09353F77A609F7F6E202A991E42F79F20
SHA-256:	3764BA7792BB5E391A54E86E8DF3DBC19F79F2D798FB9FF1830C0B411E1E7D32
SHA-512:	1755580A7D5C6853CE3B86A485D24D1330ED1A958DDFD40D4E62B4B8F2BD36CF52DCD49FFEBF1E8F1BD6F9DB94B37369140C01757C53EF9FD1EEAC845A0CF547
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\C.b..................... .......... ...@....... ..............................$.....@....................................K....@..`............@..(....`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotF4CC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.677494553177857
Encrypted:	false
SSDEEP:
MD5:	DB722945AB9C024CE55E469644393824
SHA1:	191782B3B4C7BD21FABB3D5B655B7F2DEC2F4F56
SHA-256:	C7E5BDC4B79F7F8C68C5F09C0C055E97FB8C62FE1B5D469B3527AB6B767C8DF2
SHA-512:	40503C28296CEB68428E327AC79326579C067511638263A477534B8E33341F24E2944077ACCDABB947981980F91604B71B6715A1488181B9C48515AB81271ED8
Malicious:	false
Reputation:	low
Preview:	<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotnetinstaller.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	28200
Entropy (8bit):	4.951731866513489
Encrypted:	false
SSDEEP:
MD5:	D87F3F761278D84BDB18560C2A22DDDA
SHA1:	D27ADAC09353F77A609F7F6E202A991E42F79F20
SHA-256:	3764BA7792BB5E391A54E86E8DF3DBC19F79F2D798FB9FF1830C0B411E1E7D32
SHA-512:	1755580A7D5C6853CE3B86A485D24D1330ED1A958DDFD40D4E62B4B8F2BD36CF52DCD49FFEBF1E8F1BD6F9DB94B37369140C01757C53EF9FD1EEAC845A0CF547
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\C.b..................... .......... ...@....... ..............................$.....@....................................K....@..`............@..(....`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\dotnetinstaller.exe.config (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.677494553177857
Encrypted:	false
SSDEEP:
MD5:	DB722945AB9C024CE55E469644393824
SHA1:	191782B3B4C7BD21FABB3D5B655B7F2DEC2F4F56
SHA-256:	C7E5BDC4B79F7F8C68C5F09C0C055E97FB8C62FE1B5D469B3527AB6B767C8DF2
SHA-512:	40503C28296CEB68428E327AC79326579C067511638263A477534B8E33341F24E2944077ACCDABB947981980F91604B71B6715A1488181B9C48515AB81271ED8
Malicious:	false
Reputation:	low
Preview:	<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\DIFF49A.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	84
Entropy (8bit):	4.638552692098388
Encrypted:	false
SSDEEP:
MD5:	1EB6253DEE328C2063CA12CF657BE560
SHA1:	46E01BCBB287873CF59C57B616189505D2BB1607
SHA-256:	6BC8B890884278599E4C0CA4095CEFDF0F5394C5796012D169CC0933E03267A1
SHA-512:	7C573896ABC86D899AFBCE720690454C06DBFAFA97B69BC49B8E0DDEC5590CE16F3CC1A30408314DB7C4206AA95F5C684A6587EA2DA033AECC4F70720FC6189E
Malicious:	false
Reputation:	low
Preview:	[<Properties>]..DIFx32Supported=No..DIFxIntel64Supported=No..DIFxAMD64Supported=No..

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\DIFxData.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	84
Entropy (8bit):	4.638552692098388
Encrypted:	false
SSDEEP:
MD5:	1EB6253DEE328C2063CA12CF657BE560
SHA1:	46E01BCBB287873CF59C57B616189505D2BB1607
SHA-256:	6BC8B890884278599E4C0CA4095CEFDF0F5394C5796012D169CC0933E03267A1
SHA-512:	7C573896ABC86D899AFBCE720690454C06DBFAFA97B69BC49B8E0DDEC5590CE16F3CC1A30408314DB7C4206AA95F5C684A6587EA2DA033AECC4F70720FC6189E
Malicious:	false
Reputation:	low
Preview:	[<Properties>]..DIFx32Supported=No..DIFxIntel64Supported=No..DIFxAMD64Supported=No..

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\FonF499.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	37
Entropy (8bit):	4.175273297885966
Encrypted:	false
SSDEEP:
MD5:	8CE28395A49EB4ADA962F828ECA2F130
SHA1:	270730E2969B8B03DB2A08BA93DFE60CBFB36C5F
SHA-256:	A7E91B042CE33490353C00244C0420C383A837E73E6006837A60D3C174102932
SHA-512:	BB712043CDDBE62B5BFDD79796299B0C4DE0883A39F79CD006D3B04A1A2BED74B477DF985F7A89B653E20CB719B94FA255FDAA0819A8C6180C338C01F39B8382
Malicious:	false
Reputation:	low
Preview:	[<Properties>]..FontRegistration=No..

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\FontData.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	37
Entropy (8bit):	4.175273297885966
Encrypted:	false
SSDEEP:
MD5:	8CE28395A49EB4ADA962F828ECA2F130
SHA1:	270730E2969B8B03DB2A08BA93DFE60CBFB36C5F
SHA-256:	A7E91B042CE33490353C00244C0420C383A837E73E6006837A60D3C174102932
SHA-512:	BB712043CDDBE62B5BFDD79796299B0C4DE0883A39F79CD006D3B04A1A2BED74B477DF985F7A89B653E20CB719B94FA255FDAA0819A8C6180C338C01F39B8382
Malicious:	false
Reputation:	low
Preview:	[<Properties>]..FontRegistration=No..

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\StrF50D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	3106
Entropy (8bit):	3.726991552323251
Encrypted:	false
SSDEEP:
MD5:	95D81474B11EC256C928DB65CFF0CE6A
SHA1:	FB268921FEECFC72757CF17D8549D38E12770968
SHA-256:	3036D0AD0918F4707997FB5C61A7FF805489C81B1026D2F6030A34E52B83939C
SHA-512:	FA0B67FF649A857E135D44E8CA8F10977CDAE221092D3FF6D57A30D7FC1921CFB5405C12B9759EA2402C507502FFA4EABD28A9BBFB02F7B5F6E7B2BBF1D92C71
Malicious:	false
Reputation:	low
Preview:	..[.S.t.r.i.n.g.T.a.b.l.e.:.D.a.t.a.:.0.4.0.9.].....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E._.D.E.S.C.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M.=.C.u.s.t.o.m.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M._.D.E.S.C._.P.R.O.=.C.u.s.t.o.m.....I.D.S._.S.H.O.R.T.C.U.T._.D.I.S.P.L.A.Y._.N.A.M.E.1.=.L.a.u.n.c.h. .L.d.b.R.s.t.2...e.x.e.....I.D.S._.S.H.O.R.T.C.U.T._.D.I.S.P.L.A.Y._.N.A.M.E.2.=.L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M.....I.D.S._.S.H.O.R.T.C.U.T._.D.I.S.P.L.A.Y._.N.A.M.E.3.=.L.a.u.n.c.h. .w.o.w._.h.e.l.p.e.r...e.x.e.....I.D.S._.S.Q.L.S.C.R.I.P.T._.I.N.S.T.A.L.L.I.N.G.=.E.x.e.c.u.t.i.n.g. .S.Q.L. .I.n.s.t.a.l.l. .S.c.r.i.p.t...........I.D.S._.S.Q.L.S.C.R.I.P.T._.U.N.I.N.S.T.A.L.L.I.N.G.=.E.x.e.c.u.t.i.n.g. .S.Q.L. .U.n.i.n.s.t.a.l.l. .S.c.r.i.p.t...........I.D.S._._.D.i.a.l.o.g.I.d._.1.2.0.5.3.=.I.n.s.t.a.l.l.S.h.i.e.l.d. .W.i.z.a.r.d.....I.D.S._._.D.i.a.l.o.g.I.d._.1.2.

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\StringTable_0x0409.ips (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	3106
Entropy (8bit):	3.726991552323251
Encrypted:	false
SSDEEP:
MD5:	95D81474B11EC256C928DB65CFF0CE6A
SHA1:	FB268921FEECFC72757CF17D8549D38E12770968
SHA-256:	3036D0AD0918F4707997FB5C61A7FF805489C81B1026D2F6030A34E52B83939C
SHA-512:	FA0B67FF649A857E135D44E8CA8F10977CDAE221092D3FF6D57A30D7FC1921CFB5405C12B9759EA2402C507502FFA4EABD28A9BBFB02F7B5F6E7B2BBF1D92C71
Malicious:	false
Reputation:	low
Preview:	..[.S.t.r.i.n.g.T.a.b.l.e.:.D.a.t.a.:.0.4.0.9.].....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E._.D.E.S.C.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M.=.C.u.s.t.o.m.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M._.D.E.S.C._.P.R.O.=.C.u.s.t.o.m.....I.D.S._.S.H.O.R.T.C.U.T._.D.I.S.P.L.A.Y._.N.A.M.E.1.=.L.a.u.n.c.h. .L.d.b.R.s.t.2...e.x.e.....I.D.S._.S.H.O.R.T.C.U.T._.D.I.S.P.L.A.Y._.N.A.M.E.2.=.L.o.c.k.D.o.w.n. .B.r.o.w.s.e.r. .O.E.M.....I.D.S._.S.H.O.R.T.C.U.T._.D.I.S.P.L.A.Y._.N.A.M.E.3.=.L.a.u.n.c.h. .w.o.w._.h.e.l.p.e.r...e.x.e.....I.D.S._.S.Q.L.S.C.R.I.P.T._.I.N.S.T.A.L.L.I.N.G.=.E.x.e.c.u.t.i.n.g. .S.Q.L. .I.n.s.t.a.l.l. .S.c.r.i.p.t...........I.D.S._.S.Q.L.S.C.R.I.P.T._.U.N.I.N.S.T.A.L.L.I.N.G.=.E.x.e.c.u.t.i.n.g. .S.Q.L. .U.n.i.n.s.t.a.l.l. .S.c.r.i.p.t...........I.D.S._._.D.i.a.l.o.g.I.d._.1.2.0.5.3.=.I.n.s.t.a.l.l.S.h.i.e.l.d. .W.i.z.a.r.d.....I.D.S._._.D.i.a.l.o.g.I.d._.1.2.

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF59C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6681683026510443
Encrypted:	false
SSDEEP:
MD5:	10E5EC83F8988AD842B071BDDA977FAC
SHA1:	8CFE21DA5FBE14BE8BEBA10F140D0C26F77DD22A
SHA-256:	0BE9E1A0544552E05DB8FFFABEFCA7F3FCD4BA5D435C37234E5DCDFE007A17CF
SHA-512:	9C2DF88054CAEC41804DE5CF2DA15D2E9145AD3A426D429ECD217CCFD8172C10B088710A6A34BB152DDCFDEE67DF1FAEBC83ED40DAFF7A93530C7E520F27DDD6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ 5.A[..A[..A[.hG]..A[.Rich.A[.................PE..L...i..d...........!......... ...............................................0..........................................................P.................... .......................................................................................rsrc...P...........................@..@.reloc....... ....... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isF5AD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1855595
Entropy (8bit):	5.6753261102811
Encrypted:	false
SSDEEP:
MD5:	E79CF679E845F4B29F5F52734E4A13B6
SHA1:	BE75B42EA698993F015A1CE2C458AFAB327B97FA
SHA-256:	0121D606246F318198891EEBBD37326676C89CD524330CE41FBE8797EED65B88
SHA-512:	B7CC9700B8CF312BD8BEF5B98F4AABBDCF513F077DC11E996C6AE559CED91E26DDFA9BFD61FD8F97EDB115732DE23214B0E577B6490BC0532750100D07A699CC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L....l.b...........!.........................................................p...............................................@..(....P..9....................@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...9....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isres_0x0409.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1855595
Entropy (8bit):	5.6753261102811
Encrypted:	false
SSDEEP:
MD5:	E79CF679E845F4B29F5F52734E4A13B6
SHA1:	BE75B42EA698993F015A1CE2C458AFAB327B97FA
SHA-256:	0121D606246F318198891EEBBD37326676C89CD524330CE41FBE8797EED65B88
SHA-512:	B7CC9700B8CF312BD8BEF5B98F4AABBDCF513F077DC11E996C6AE559CED91E26DDFA9BFD61FD8F97EDB115732DE23214B0E577B6490BC0532750100D07A699CC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L....l.b...........!.........................................................p...............................................@..(....P..9....................@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...9....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\_isuser_0x0409.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6681683026510443
Encrypted:	false
SSDEEP:
MD5:	10E5EC83F8988AD842B071BDDA977FAC
SHA1:	8CFE21DA5FBE14BE8BEBA10F140D0C26F77DD22A
SHA-256:	0BE9E1A0544552E05DB8FFFABEFCA7F3FCD4BA5D435C37234E5DCDFE007A17CF
SHA-512:	9C2DF88054CAEC41804DE5CF2DA15D2E9145AD3A426D429ECD217CCFD8172C10B088710A6A34BB152DDCFDEE67DF1FAEBC83ED40DAFF7A93530C7E520F27DDD6
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ 5.A[..A[..A[.hG]..A[.Rich.A[.................PE..L...i..d...........!......... ...............................................0..........................................................P.................... .......................................................................................rsrc...P...........................@..@.reloc....... ....... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\defF57C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:	dropped
Size (bytes):	1168
Entropy (8bit):	2.551387347019812
Encrypted:	false
SSDEEP:
MD5:	0ABAFE3F69D053494405061DE2629C82
SHA1:	E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:	8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:	63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:	false
Reputation:	low
Preview:	RIFF....PAL data..........................................................f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3...............f...3..................f...3...............f..3.....f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3...................f...3..................f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3.....f...f...f...f.f.f.3.f...f...f...f..f.f.f.3.f...f...f...f...f.i.f.3.f...ff..ff..ff..fff.ff3.ff..f3..f3..f3..f3f.f33.f3..f...f...f...f.f.f.3.f...3...3...3...3.f.3.3.3...3...3...3..3.f.3.3.3...3...3...3...3.f.3.3.3...3f..3f..3f..3ff.3f3.3f..33..33..33..33f.333.33..3...3...3...3.f.3.3.3.............f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3.........................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\default.pal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:	dropped
Size (bytes):	1168
Entropy (8bit):	2.551387347019812
Encrypted:	false
SSDEEP:
MD5:	0ABAFE3F69D053494405061DE2629C82
SHA1:	E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:	8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:	63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:	false
Reputation:	low
Preview:	RIFF....PAL data..........................................................f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3...............f...3..................f...3...............f..3.....f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3...................f...3..................f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3.....f...f...f...f.f.f.3.f...f...f...f..f.f.f.3.f...f...f...f...f.i.f.3.f...ff..ff..ff..fff.ff3.ff..f3..f3..f3..f3f.f33.f3..f...f...f...f.f.f.3.f...3...3...3...3.f.3.3.3...3...3...3..3.f.3.3.3...3...3...3...3.f.3.3.3...3f..3f..3f..3ff.3f3.3f..33..33..33..33f.333.33..3...3...3...3.f.3.3.3.............f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3.........................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\isrF53C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	440336
Entropy (8bit):	7.973218769814836
Encrypted:	false
SSDEEP:
MD5:	E9208322F81FC26BEAAA5A73CAFDA4A2
SHA1:	11863AFBEF0456BF0E8C8BFAB1CFFAD0356F80CB
SHA-256:	0FE47B313616738F2D0864D17D4C7BA1FD0778C8F95D741989D597FE23D6CC7C
SHA-512:	A32193F7BA02FAA959DE9949C332C716949AF674B353A43E1DCE846747492EAA818963C28AFCAF837E757F93AA98A7F244177A5AFD204AD6B54D6006E522EC68
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........A.YA.YA.Yf.mYG.Y..nY].Y..XC.Y..mY@.Y..mY..Y..lY..Y...Y@.Y...YE.YA.Y..Y...YV.Y..lY..Y..iY@.Y..jY@.YA.4Y@.Y..oY@.YRichA.Y................PE..L....D.b...........!.....\|...@...............................................@.......w..............................p...................h....................0.........8...................................................DU..@....................text............P......PEC2MO...... ....rsrc....@.......4...T.............. ....reloc.......0......................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\isrt.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	440336
Entropy (8bit):	7.973218769814836
Encrypted:	false
SSDEEP:
MD5:	E9208322F81FC26BEAAA5A73CAFDA4A2
SHA1:	11863AFBEF0456BF0E8C8BFAB1CFFAD0356F80CB
SHA-256:	0FE47B313616738F2D0864D17D4C7BA1FD0778C8F95D741989D597FE23D6CC7C
SHA-512:	A32193F7BA02FAA959DE9949C332C716949AF674B353A43E1DCE846747492EAA818963C28AFCAF837E757F93AA98A7F244177A5AFD204AD6B54D6006E522EC68
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........A.YA.YA.Yf.mYG.Y..nY].Y..XC.Y..mY@.Y..mY..Y..lY..Y...Y@.Y...YE.YA.Y..Y...YV.Y..lY..Y..iY@.Y..jY@.YA.4Y@.Y..oY@.YRichA.Y................PE..L....D.b...........!.....\|...@...............................................@.......w..............................p...................h....................0.........8...................................................DU..@....................text............P......PEC2MO...... ....rsrc....@.......4...T.............. ....reloc.......0......................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\licF479.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	18412
Entropy (8bit):	4.923001146823393
Encrypted:	false
SSDEEP:
MD5:	220E52D7335039ECA1908DA3232496E4
SHA1:	43B25DABC3686689F1F98A61A1ED512EDB93C7CC
SHA-256:	40398DD9C46A305E4C9A8F6E19459ED0631E95902E87516FFFEAC8C05059D300
SHA-512:	F1F9A9314CCCEBAB2FAA7E2AADF7BD7F8D425D199F8AEFC5E4B23B4C9663460D9260A835359C87D3A166F05DBF26A0988542762EC84AC9341AA5A9611EF2E487
Malicious:	false
Reputation:	low
Preview:	Terms of Use/End User License Agreement - LockDown Browser....Last Updated: January 10, 2022....BY CLICKING THE ACCEPTANCE BUTTON OR INSTALLING OR USING THE ..LOCKDOWN BROWSER SOFTWARE ("SOFTWARE"), THE INDIVIDUAL OR ENTITY ..INSTALLING OR USING THE SOFTWARE ("USER" OR "YOU") IS CONSENTING TO BE ..BOUND BY AND IS BECOMING A PARTY TO THIS END USER LICENSE AGREEMENT ..("AGREEMENT"). IF USER DOES NOT AGREE TO ALL OF THE TERMS OF THIS ..AGREEMENT, THE BUTTON INDICATING NON-ACCEPTANCE MUST BE SELECTED, ..AND USER MUST NOT INSTALL OR USE THE SOFTWARE. IF YOU ACCEPT THIS ..AGREEMENT ON BEHALF OF AN INSTITUTION OR ENTITY, YOU REPRESENT AND ..WARRANT THAT YOU ARE AUTHORIZED TO DO SO.....AS USED IN THIS AGREEMENT, "RESPONDUS" and "LICENSOR" SHALL MEAN ..RESPONDUS, INC.....If You have entered into a separate License Agreement with Respondus, in the ..event of a conflict between these Terms and those contained in the License ..Agreement, the terms of the License Agreement shall prevail.....If You

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\license.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	18412
Entropy (8bit):	4.923001146823393
Encrypted:	false
SSDEEP:
MD5:	220E52D7335039ECA1908DA3232496E4
SHA1:	43B25DABC3686689F1F98A61A1ED512EDB93C7CC
SHA-256:	40398DD9C46A305E4C9A8F6E19459ED0631E95902E87516FFFEAC8C05059D300
SHA-512:	F1F9A9314CCCEBAB2FAA7E2AADF7BD7F8D425D199F8AEFC5E4B23B4C9663460D9260A835359C87D3A166F05DBF26A0988542762EC84AC9341AA5A9611EF2E487
Malicious:	false
Reputation:	low
Preview:	Terms of Use/End User License Agreement - LockDown Browser....Last Updated: January 10, 2022....BY CLICKING THE ACCEPTANCE BUTTON OR INSTALLING OR USING THE ..LOCKDOWN BROWSER SOFTWARE ("SOFTWARE"), THE INDIVIDUAL OR ENTITY ..INSTALLING OR USING THE SOFTWARE ("USER" OR "YOU") IS CONSENTING TO BE ..BOUND BY AND IS BECOMING A PARTY TO THIS END USER LICENSE AGREEMENT ..("AGREEMENT"). IF USER DOES NOT AGREE TO ALL OF THE TERMS OF THIS ..AGREEMENT, THE BUTTON INDICATING NON-ACCEPTANCE MUST BE SELECTED, ..AND USER MUST NOT INSTALL OR USE THE SOFTWARE. IF YOU ACCEPT THIS ..AGREEMENT ON BEHALF OF AN INSTITUTION OR ENTITY, YOU REPRESENT AND ..WARRANT THAT YOU ARE AUTHORIZED TO DO SO.....AS USED IN THIS AGREEMENT, "RESPONDUS" and "LICENSOR" SHALL MEAN ..RESPONDUS, INC.....If You have entered into a separate License Agreement with Respondus, in the ..event of a conflict between these Terms and those contained in the License ..Agreement, the terms of the License Agreement shall prevail.....If You

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\setF449.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	225055
Entropy (8bit):	7.377521973124482
Encrypted:	false
SSDEEP:
MD5:	001FEDCB0033549B9763184D7874F3B1
SHA1:	4C9030B1218377CD85C005ED4E4EE6E402DE0C99
SHA-256:	0EE89F3ECA9F2808FD0E8C4EAAE76C0677BEE3B732B799743D23818682E16D06
SHA-512:	0F6E73932C043A930038C5C330F763F210513E1B2939287FA2F96E7E9D413FCCFF5CCFF1911EB7DF4514E543C74652763F814A6813FD07682257C822C1365664
Malicious:	false
Reputation:	low
Preview:	t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}a.=mQ.Y]A..M1.s)!.)........................................}...m..q]}}aMm.U=]-E-M.5.=.%.-......................%..u........H...h...yqqey.P.]UU9].$.c{..w.))..o.s.CC.?......L...X..4....<.x..,...}..h.... ...Umm%U.....w.ck.cc.....[.?SCg..7o_8..... . X.4.... ...q...@.4.....E}Qii.Q.....s{.ss.{.g.w?......K..G?/.d<$@<<......(...l,......i.....0....AYY)A....g.{k{.......3....S+.OLL....$.H..$0<.4 .p$.....A..4....$..(....111.9w.[._..Ko.....3.+#[$`(..$\......<.$.........i..T.`......AYY.A.(...(.S..sg........O.C3[. $ @h.....4.. 4....T...y..A..@...d........-91.9.S..[C.Cc3{.SGk....H.\LT.L.D.<8 ........X...l.yqq]y.(.....5MM.5s.S.WK..@.....#..G7_.xLP.........<..8......h...Q..mq..T...EYMEE9M...o.))..GW_.....?_[C......h ..,(.............u..u....meeEm.....=55.=_.W.k....._.{#c7.....,D8\...................q....i}Qii9Q.w0{....[{..))...7.w3;K;k./..+d.....

C:\Users\user\AppData\Local\Temp\{73CA8D90-E694-41BC-A23D-8D4AADF0B96A}\{00D779A4-92E4-404A-A502-045E1D6E3C34}\setup.inx (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{27012B02-3EFE-43F2-B9BC-858ACF02891D}\LockDownBrowserOEMSetup.exe
File Type:	data
Category:	dropped
Size (bytes):	225055
Entropy (8bit):	7.377521973124482
Encrypted:	false
SSDEEP:
MD5:	001FEDCB0033549B9763184D7874F3B1
SHA1:	4C9030B1218377CD85C005ED4E4EE6E402DE0C99
SHA-256:	0EE89F3ECA9F2808FD0E8C4EAAE76C0677BEE3B732B799743D23818682E16D06
SHA-512:	0F6E73932C043A930038C5C330F763F210513E1B2939287FA2F96E7E9D413FCCFF5CCFF1911EB7DF4514E543C74652763F814A6813FD07682257C822C1365664
Malicious:	false
Reputation:	low
Preview:	t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}a.=mQ.Y]A..M1.s)!.)........................................}...m..q]}}aMm.U=]-E-M.5.=.%.-......................%..u........H...h...yqqey.P.]UU9].$.c{..w.))..o.s.CC.?......L...X..4....<.x..,...}..h.... ...Umm%U.....w.ck.cc.....[.?SCg..7o_8..... . X.4.... ...q...@.4.....E}Qii.Q.....s{.ss.{.g.w?......K..G?/.d<$@<<......(...l,......i.....0....AYY)A....g.{k{.......3....S+.OLL....$.H..$0<.4 .p$.....A..4....$..(....111.9w.[._..Ko.....3.+#[$`(..$\......<.$.........i..T.`......AYY.A.(...(.S..sg........O.C3[. $ @h.....4.. 4....T...y..A..@...d........-91.9.S..[C.Cc3{.SGk....H.\LT.L.D.<8 ........X...l.yqq]y.(.....5MM.5s.S.WK..@.....#..G7_.xLP.........<..8......h...Q..mq..T...EYMEE9M...o.))..GW_.....?_[C......h ..,(.............u..u....meeEm.....=55.=_.W.k....._.{#c7.....,D8\...................q....i}Qii9Q.w0{....[{..))...7.w3;K;k./..+d.....

C:\Users\user\Downloads\LockDownBrowserOEMSetup.exe (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	127723864
Entropy (8bit):	7.990864524856338
Encrypted:	true
SSDEEP:
MD5:	78E3E5B8AD9E9B9CBCCB60C01A9598E7
SHA1:	AE44CA5784A5F29CB846DADA24A25E5E18273954
SHA-256:	0DE0AB5BC6B5450F7C1649EDF208D21E930BA6207363B0464B27271D512757FC
SHA-512:	17C08DB66D3203ACA1D980DE00267A21908A2B9CE41ADD1B3DCA3A01D3CCECC204714A218BE48AA0093C8FF2F5D46FB66C4463D1E451A40E0A64865EB2373CE8
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...BD.b.............................7............@......................................@..................................F......................X..../...`...j..@...8...............................@....................C.......................text.............................. ..`.rdata..............................@..@.data...XI...p...$...L..............@....rsrc................p..............@..@.reloc..h....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\Unconfirmed 488790.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	127723864
Entropy (8bit):	7.990864524856338
Encrypted:	true
SSDEEP:
MD5:	78E3E5B8AD9E9B9CBCCB60C01A9598E7
SHA1:	AE44CA5784A5F29CB846DADA24A25E5E18273954
SHA-256:	0DE0AB5BC6B5450F7C1649EDF208D21E930BA6207363B0464B27271D512757FC
SHA-512:	17C08DB66D3203ACA1D980DE00267A21908A2B9CE41ADD1B3DCA3A01D3CCECC204714A218BE48AA0093C8FF2F5D46FB66C4463D1E451A40E0A64865EB2373CE8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...BD.b.............................7............@......................................@..................................F......................X..../...`...j..@...8...............................@....................C.......................text.............................. ..`.rdata..............................@..@.data...XI...p...$...L..............@....rsrc................p..............@..@.reloc..h....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\eef71347-104d-4a91-87ff-5fde852c0987.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	6.38882938395252
Encrypted:	false
SSDEEP:
MD5:	893CD813BE013F8D958F89D0CA68953F
SHA1:	51049E1E4057781BC3CADCE48936FA7DF8A36565
SHA-256:	67479EACCA8188165C60FCB366691A16D7667E65382D378B9164A72241A61DF6
SHA-512:	97F6781E206AD14EE2E8D0F2BC4683A6E886B4816EFC459F7F3417B9454AE455BB8E961B0877D0C25778EB3EE2795D40C7274D5E3AEB60A19C38B884AFA8C4A2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...BD.b.............................7............@......................................@..................................F......................X..../...`...j..@...8...............................@....................C.......................text.............................. ..`.rdata..............................@..@.data...XI...p...$...L..............@....rsrc................p..............@..@.reloc..h....`......................@..B........................................................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://sforce.co/lockdownWindows

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Program Files (x86)\InstallShield Installation Information\{00D779A4-92E4-404A-A502-045E1D6E3C34}\setup.ilg (copy)

C:\Program Files (x86)\InstallShield Installation Information\{00D779A4-92E4-404A-A502-045E1D6E3C34}\setup.ini

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Ldb83D8.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LdbRst10.exe (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc808B.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc83F8.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\Loc8418.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowser.dll (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowser.ico (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\LockDownBrowserOEM.exe (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr8458.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr8497.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chr84F6.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_100_percent.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_200_percent.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\chrome_elf.dll (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3d8555.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\d3dcompiler_47.dll (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\icu867F.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\icudtl.dat (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib895E.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib899E.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\lib8B54.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\libEGL.dll (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\libGLESv2.dll (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\libcef.dll (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\am.7104.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\am.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ar.7153.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ar.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bg.71A3.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bg.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bn.71E2.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\bn.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ca.7250.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\ca.pak (copy)

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\cs.7280.tmp

C:\Program Files (x86)\Respondus\LockDown Browser OEM\locales\cs.pak (copy)

Windows Analysis Report
https://sforce.co/lockdownWindows